Ransomware is an exceptionally lucrative hacking technique, and it continues to thrive in a world where files and data are the life-blood of businesses. Ransomware has been a fast-growing and devastating trend; in 2015 alone, businesses lost a total of more than $24 million as a result of ransomware. Now, a new ransomware called Jigsaw has upped the ante by following through on its threats with an aggressive file-deleting agenda.
Jigsaw is a particularly cruel ransomware that expects victims to pay the ransom for the safe return of their files within a limited amount of time. If they fail to do so, the ransomware begins to delete files in hour-long increments. If victims desire the safe return of all their files, they have only 60 minutes to pay the $150 worth of Bitcoin required for the decryption key. If victims fail to comply with the hackers’ demands within 72 hours, all files will be deleted. For someone who has no clue how Bitcoin or ransomware works, this request is extraordinarily unreasonable.
Another noteworthy feature of Jigsaw is that it means business. Unlike other types of ransomware that threaten to delete files if the user takes action to remove it from their PC, Jigsaw will act on its threats. If any action is taken to halt the ransomware’s processes, Jigsaw will delete 1,000 files from the machine.
Thankfully, a fix for it has been discovered. BleepingComputer details the process to eliminate the Jigsaw ransomware from an infected PC:
- Terminate the firefox.exe and drpbx.exe processes with your system’s Task Manager. This prevents any further files from being deleted.
- Run MSConfig and disable the startup entry firefox.exe that points to %UserProfile%\AppData\Roaming\Frfx\firefox.exe
- Download the Jigsaw Decryptor tool from BleepingComputer.
- Once the program launches, select the directory you want to decrypt and select Decrypt My Files. If you’d like to decrypt the whole drive, select the C: drive. Do not tick the checkbox labeled Delete Encrypted Files. It is only there as a last resort for when your files cannot be decrypted.
- Once the files are decrypted, be sure to set up and run antivirus or anti-malware programs and scan for further infections.
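Because the ransomware's process borrows the name firefox.exe, the first two steps are easier to get right if you check where each process runs from before ending it. The following is an added example, not BleepingComputer's tooling: a small Python triage over a process and startup inventory that separates the Frfx copy from a genuine browser. The sample inventory, the user name and the drpbx.exe directory are constructed.

```python
import ntpath

# Indicators from the removal steps above; everything else here is constructed.
FRFX_PATH = r"\appdata\roaming\frfx\firefox.exe"
DRPBX_NAME = "drpbx.exe"  # the page gives no path for it, so match by name only

def norm(path):
    """Normalise a Windows path or autorun command for comparison."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def is_frfx_copy(path_or_command):
    """True if the text refers to the firefox.exe copy in the Frfx folder."""
    return FRFX_PATH in norm(path_or_command)

def triage(processes, autoruns):
    """Return (PIDs to terminate, autorun names to disable, genuine firefox PIDs)."""
    terminate, spared = [], []
    for proc in processes:
        name = ntpath.basename(norm(proc["path"]))
        if name == DRPBX_NAME or is_frfx_copy(proc["path"]):
            terminate.append(proc["pid"])
        elif name == "firefox.exe":
            spared.append(proc["pid"])  # same name, different directory
    disable = [a["name"] for a in autoruns if is_frfx_copy(a["command"])]
    return terminate, disable, spared

# Constructed sample inventory (not captured from a real host).
SAMPLE_PROCESSES = [
    {"pid": 4120, "path": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"pid": 5332, "path": r"C:\Users\alice\AppData\Roaming\Frfx\firefox.exe"},
    {"pid": 5340, "path": r"C:\Users\alice\ExampleDir\drpbx.exe"},
    {"pid": 880, "path": r"C:\Windows\System32\svchost.exe"},
]
SAMPLE_AUTORUNS = [
    {"name": "firefox.exe",
     "command": r'"C:\Users\alice\AppData\Roaming\Frfx\firefox.exe"'},
    {"name": "OneDrive",
     "command": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    kill, disable, spared = triage(SAMPLE_PROCESSES, SAMPLE_AUTORUNS)
    print("terminate PIDs:", kill)
    print("disable startup entries:", disable)
    print("genuine firefox.exe left running:", spared)
```
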
How Do Enterprises Tend to Handle Ransomware?
It’s perfectly natural for organizations to panic and act out of fear for their business’s future. This is what ransomware appeals to: the raw, instinctual reaction to threats, which is then exploited to obtain revenue. In reality, $150 is a small price to pay for the future of your organization, but many enterprises simply have no choice but to pay up. Hackers will often seize backup data in addition to anything stored locally, leaving the victim with no choice but to pay the ransom and hope for the best. Unfortunately, hackers will often inflate the price of decryption in accordance with the target, so enterprises may not be getting away from the mess without breaking their budget. Then there’s the time factor; enterprises require a quick cleanup, and paying the ransom allows for just that. Considering the fact that larger businesses often have a board or publicly traded stock to answer to, they need to ensure that they have a swift response, as well as an explanation as to why the data was put in harm’s way in the first place.
How to Prevent Ransomware and Other Cyber Attacks
The best way to avoid dealing with ransomware and other nasty attacks on your computing infrastructure is to train your employees properly on how to identify and manage threats. This includes signs of viruses or malware on your company network, phishing scams in your email inbox, etc. Even holding quarterly meetings regarding new infiltration methods that are being used, and creating scenarios to test them with, can go a long way toward securing your network. You’re only as secure as your employees are knowledgeable. All it takes is one click on the wrong link, and your security solutions could be rendered virtually useless.
Set official training dates and incorporate these into your orientations to be most effective. If you fail to plan, then you plan to fail.