
Jigsaw-Dat Ransomware

Posted: August 8, 2018

The Jigsaw-Dat Ransomware is a new version of the Jigsaw Ransomware, the Trojan that blocks your files by encrypting them, displays ransoming pop-up messages, and deletes those same files over time. The Trojan's campaign has the most impact on PC users who forget their backup schedules and let encryption or deletion reach the only copies of their files. Because of some of this threat's attack capabilities, users should be cautious about rebooting, and should use anti-malware programs to uninstall the Jigsaw-Dat Ransomware safely.

A Puzzle of a Trojan Tries Its Hand at Memes

The Jigsaw Ransomware, one of the most colorful families of file-locker Trojans, is showing another variant for August, after similar updates like the Tedcrypt Ransomware, the '.invaded File Extension' Ransomware, and the '.black007 File Extension' Ransomware, all from different threat actors. Although malware researchers are finding limited changes inside of this next threat, the Jigsaw-Dat Ransomware, the file-locker does offer a variety of clues on how it could compromise new PCs. Even a single infection has the potential for blocking hundreds of files before any symptoms appear for the user.

The Jigsaw-Dat Ransomware's executable uses the French name 'moi petite,' and some of its additional file data claims that it's either a Firefox browser update or a PDF document. The threat launches a background encryption routine that can harm various data types, such as documents or pictures, by encrypting them with AES. Malware experts also find that the Trojan adds '.dat' extensions to the files' names, which can help with identifying the now-illegible content. Like other versions of the Jigsaw Ransomware, the Jigsaw-Dat Ransomware displays an HTA pop-up window afterward.

Although the Jigsaw-Dat Ransomware's pop-up and its ransoming instructions are under construction, the Trojan uses a unique photograph of a smiling East African man in a white kofia-style hat as its background image. Further updates to the pop-up may ask for Bitcoins, or other ransoming payments, before giving the victim a decryption code. An embedded timer may also warn of the Trojan's file-deleting feature, which deletes one or more files whenever the countdown reaches zero and then loops.

Putting All the Pieces of Defending against Trojans Together

Infections associated with the Jigsaw Ransomware family hold additional risks beyond those that most file-locking Trojans include. Along with the countdown-based deletion of data, the Jigsaw-Dat Ransomware could also delete files as it launches, which it does automatically whenever Windows restarts. Accordingly, malware researchers strongly advise against rebooting without first taking steps that disable the Trojan, such as booting through a specially-formatted USB drive. Doing so may require changing the boot device order in your BIOS settings.

The Jigsaw-Dat Ransomware's ransoming instructions will ask for Bitcoins or other payments before giving you any access to its decryption feature, but most versions of the Jigsaw Ransomware are compatible with free decryption programs. To restore any files that you can't recover from backups, malware experts recommend first making copies of the media and uninstalling the Jigsaw-Dat Ransomware with an anti-malware product of your choice. Then, download an appropriate decryption application (such as Michael Gillespie's 'Jigsaw Decrypter') and test its compatibility with the spare copies.
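The copy-before-decrypting step can be scripted. The following is an added example, not code from this article or from any decryption tool: it finds '.dat' files whose contents look like ciphertext and stages hashed copies for testing a decrypter. The function names, the 7.5 bits-per-byte entropy threshold, and the assumption that '.dat' is appended to the original file name are illustrative.

```python
import hashlib
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # assumed cut-off, bits per byte; AES output sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def stage_locked_files(root: Path, staging: Path, sample: int = 65536) -> dict:
    """Copy high-entropy '*.dat' files into staging; return {relative path: SHA-256}."""
    manifest = {}
    for path in sorted(root.rglob("*.dat")):
        if not path.is_file() or staging in path.parents:
            continue
        data = path.read_bytes()  # originals are only ever read, never modified
        # Files under ~181 bytes can never reach 7.5 bits/byte; review those by hand.
        if shannon_entropy(data[:sample]) < ENTROPY_THRESHOLD:
            continue  # ordinary low-entropy .dat (settings, logs), not ciphertext
        rel = path.relative_to(root)
        dest = staging / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)
        manifest[rel.as_posix()] = hashlib.sha256(data).hexdigest()
    return manifest


def demo() -> dict:
    """Run against constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, staging = Path(tmp, "docs"), Path(tmp, "staging")
        root.mkdir()
        # Constructed stand-in for AES ciphertext: 4096 pseudo-random bytes.
        blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
        (root / "report.docx.dat").write_bytes(blob)
        (root / "settings.dat").write_bytes(b"volume=7\n" * 400)  # benign .dat
        return stage_locked_files(root, staging)
```

Point the decrypter at the staging directory only, and compare the manifest hashes against the originals afterwards to confirm they were left untouched. The entropy filter is a heuristic: legitimately compressed '.dat' files will also pass it.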

The danger of losing your files from the Jigsaw-Dat Ransomware arrives through more than one kind of attack, thereby raising the chances of an irrational response from the victim. If you don't want to take that risk, safety is no more distant than the time it takes to make at least one backup.
