Today in "malware that is definitely not screwing around," consider the Jigsaw ransomware. This nasty program, inspired by the Saw franchise of horror films, locks users out of their files, then demands $150 to set things right. Here's the catch: Unless users cough up the cash, it will start nuking files by the thousands until it obliterates the system entirely.
Bleeping Computer, a site that provides security fixes for everyday users, reported the threat, which earned a dubious distinction. Among all the ransomware that threatens to delete your files if you attempt to get rid of it, this seems to be the first one that actually carries out its threat.
If a user contracts the malware, a picture of Jigsaw, the killer from the Saw films, appears onscreen and states that he has encrypted every photo, video and document on the system, giving them nonsensical .FUN, .KKK and .BTC extensions. An hour-long countdown begins, after which, the digital killer explains, he will begin deleting files forever.
Restarting the program does not help, nor does rebooting the machine; in fact, they exacerbate the problem. Left to its own devices, the program will delete only one file after the first hour. If you try to reboot, however, the program will destroy 1,000 files. Over time, the program will delete more and more files in a geometric progression until, after 72 hours, it will delete everything. (It's unclear exactly what "everything" means — whether the computer will function afterward, for example, or if the ransomware goes away on its own after that.)
To stop the process before it destroys every file you hold dear, the ransomware demands $150 in Bitcoin (the favored currency of cybercriminals and online libertarians the world over), at which point the files will (supposedly) return to normal. It’s unclear what happens to the program itself at that point.
The good news is that Bleeping Computer worked alongside other security researchers to develop a fix. If you've been targeted by Jigsaw, you can excise him with a handy decryption algorithm and an antivirus scan. If you've already lost files, you can try recovering them with a free program like Piriform Recuva, but it may be hard to retrieve them unless you know exactly which ones disappeared.
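Knowing which files disappeared is easier if you list the renamed files as soon as the ransom note appears and compare that list with a later one. The script below is an added example, not code from Bleeping Computer or the original article; it assumes the .FUN, .KKK or .BTC extension is appended to the original file name, and its function names are illustrative.

```python
import os
import tempfile
from pathlib import Path

# Extensions named in the article; matched case-insensitively.
JIGSAW_EXTENSIONS = {".fun", ".kkk", ".btc"}

def snapshot_encrypted(root):
    """Return {relative_path: size} for every file under root with one of the extensions."""
    found = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if Path(name).suffix.lower() in JIGSAW_EXTENSIONS:
                full = Path(dirpath) / name
                try:
                    found[str(full.relative_to(root))] = full.stat().st_size
                except OSError:
                    continue  # file vanished between listing and stat
    return found

def original_name(path):
    """Assumption: the ransomware extension is appended to the original name."""
    p = Path(path)
    return str(p.with_suffix("")) if p.suffix.lower() in JIGSAW_EXTENSIONS else str(p)

def deleted_since(earlier, later):
    """Original names of files present in the earlier snapshot but not the later one."""
    return sorted(original_name(p) for p in earlier.keys() - later.keys())

def demo():
    # Constructed sample tree: three renamed files and one untouched file.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for rel in ("docs/report.docx.fun", "photo.jpg.KKK", "notes.txt.btc", "untouched.txt"):
            (root / rel).write_bytes(b"constructed sample")
        before = snapshot_encrypted(root)
        (root / "photo.jpg.KKK").unlink()  # simulate one file being deleted
        after = snapshot_encrypted(root)
        return before, after, deleted_since(before, after)

if __name__ == "__main__":
    before, after, gone = demo()
    print(f"{len(before)} renamed files at first snapshot, {len(after)} at second")
    print("deleted in between:", gone)
```

Save the first snapshot somewhere off the affected machine, since a list stored on the same disk can be lost along with everything else.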
The bad news is that it's not at all clear where the ransomware comes from, or how users contracted it initially. As always, Tom's Guide recommends steering clear of shady websites and not opening email attachments you didn't expect, as well as keeping a security suite running at all times.