Jigsaw (ransomware)

Jigsaw is a form of encrypting ransomware malware created in 2016. It was initially titled "BitcoinBlackmailer", but later came to be known as "Jigsaw" due to featuring an image of Billy the Puppet from the ''Saw'' film franchise. The malware encrypts computer files and gradually deletes them, demanding payment of a ransom to decrypt the files and halt the deletion.


History

Jigsaw was designed in April 2016 and released a week after creation. It was designed to be spread through malicious attachments in spam emails. Jigsaw is activated if a user downloads the malware program, which will encrypt all user files and the master boot record. Following this, a popup featuring Billy the Puppet will appear with a ransom demand, in the style of ''Saw's'' Jigsaw (one version including the "I want to play a game" line from the franchise), for Bitcoin in exchange for decrypting the files. If the ransom is not paid within one hour, one file will be deleted. For each further hour without a ransom payment, the number of files deleted increases exponentially, from a few hundred to thousands of files, until the computer is wiped after 72 hours. Any attempt to reboot the computer or terminate the process will result in 1,000 files being deleted. A further updated version also makes threats to dox the victim by revealing their personal information online. Jigsaw activates purporting to be either Firefox or Dropbox in task manager. As Jigsaw stores the decryption key statically in the binary, the key can be extracted using a hex editor or .NET decompiler to remove the encryption without paying the ransom.
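To illustrate the static-key weakness described above, the following Python script (an added example, not code from the original article or from any published decryptor) scans a binary's bytes for UTF-16LE string literals that decode from Base64 to an AES key length. It assumes the key is embedded as a Base64 string literal and is an AES key; the function name and the sample bytes are constructed for the example.

```python
import base64
import re

AES_KEY_SIZES = {16, 24, 32}  # assumption: the embedded secret is an AES key

# .NET string literals live in the #US heap as UTF-16LE, so each Base64
# character is followed by a 0x00 byte. Require at least 20 characters.
_B64_UTF16 = re.compile(rb"(?:[A-Za-z0-9+/]\x00){20,}(?:=\x00){0,2}")


def candidate_keys(blob: bytes):
    """Return (offset, literal, key_bytes) for Base64 literals of AES key size."""
    hits = []
    for m in _B64_UTF16.finditer(blob):
        literal = m.group().decode("utf-16-le")
        if len(literal) % 4:
            continue  # not a whole number of Base64 quanta
        try:
            raw = base64.b64decode(literal, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if len(raw) in AES_KEY_SIZES:
            hits.append((m.start(), literal, raw))
    return hits


# Constructed sample, not bytes from a real binary: a fake header, a decoy
# literal that decodes to 15 bytes, then a Base64-encoded 32-byte value.
KEY_LITERAL = base64.b64encode(bytes(range(32))).decode()
SAMPLE = (
    b"MZ\x90\x00"
    + "ConstructedDecoyText".encode("utf-16-le") + b"\x00\x00"
    + KEY_LITERAL.encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for offset, literal, raw in candidate_keys(SAMPLE):
        print(f"0x{offset:04x}  {len(raw) * 8}-bit candidate  {literal}")
```

Hits are only candidates: any long alphanumeric literal of the right length will also match, so each one still has to be confirmed against the decompiled code.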


Reception

''The Register'' wrote that "Using horror movie images and references to cause distress in the victim is a new low." In 2017, it was listed among 60 versions of ransomware that utilised evasive tactics in their activation.

