
Have security experts cracked the ransomware curse? Another one bites the dust


Score another one for security researchers in the battle against ransomware. As you probably know, ransomware is one of the fastest-growing threats of the year. It strikes by encrypting files on a user's computer and only releasing them when the user pays the hackers a ransom.

As ransomware evolves, new versions are appearing with clever new tricks. One called Petya attacked the entire hard drive, and another called Jigsaw deletes files every hour the user fails to pay. Fortunately, security researchers aren't standing still.

We recently told you that researchers developed a tool to decrypt hard drives hit by Petya ransomware. Now they've figured out how to reclaim a computer from Jigsaw.

As we said, Jigsaw is particularly scary because it actually deletes more of your files the longer you take to pay. It starts with one file after an hour, then moves to two after two hours, and so forth. If you try to restart the computer, Jigsaw will delete 1,000 files.

Researchers do say you can stop it from deleting files by opening Windows Task Manager and stopping the processes firefox.exe and drpbx.exe.

You'll also need to disable the firefox.exe startup entry in MSConfig. To do that, go to Start and in the "Search for programs and files" field, type "msconfig" and hit Enter.

Then go to the Startup tab and find firefox.exe. It should have a path similar to "%UserProfile%\AppData\Roaming\Frfx\firefox.exe". Uncheck the option and Jigsaw won't load at startup. 
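The same containment steps can be scripted. The PowerShell below is an added example, not part of the original article or the researchers' tooling; the function name `Stop-JigsawPersistence` is hypothetical. It assumes the startup entry MSConfig shows is stored in the current user's Run registry key, and it removes that value instead of unchecking it.

```powershell
# Added example: stop the processes and startup entry named in the article.
function Stop-JigsawPersistence {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Path given in the article: %UserProfile%\AppData\Roaming\Frfx\firefox.exe
    $frfxPath = Join-Path $env:APPDATA 'Frfx\firefox.exe'

    # Step 1: stop firefox.exe and drpbx.exe.
    # firefox.exe is stopped only when it runs from the Frfx folder,
    # so a genuine Mozilla Firefox session is left alone.
    $targets = Get-Process -Name 'firefox', 'drpbx' -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'drpbx' -or $_.Path -eq $frfxPath }

    foreach ($p in $targets) {
        if ($PSCmdlet.ShouldProcess("$($p.Name) (PID $($p.Id))", 'Stop process')) {
            Stop-Process -Id $p.Id -Force
        }
    }

    # Step 2: remove any logon entry that launches the Frfx copy.
    # Assumption: the entry is a value under the per-user Run key.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $values = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($null -eq $values) { return }

    foreach ($prop in $values.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... properties PowerShell adds.
        if ($prop.Name -like 'PS*') { continue }

        if ([string]$prop.Value -like '*\Frfx\firefox.exe*') {
            if ($PSCmdlet.ShouldProcess("$runKey\$($prop.Name)", 'Remove startup value')) {
                Remove-ItemProperty -Path $runKey -Name $prop.Name
            }
        }
    }
}

# Dry run: lists what would be stopped or removed without changing anything.
Stop-JigsawPersistence -WhatIf
```

Run it again without `-WhatIf` to apply the changes, then confirm in MSConfig that the firefox.exe entry is gone.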

However, that still leaves your files locked unless you pay the hackers $150. That's why you need to go to https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip and download the decryptor program.

Open it and run JigSawDecrypter.exe. Click the "Select Directory" button to choose the directory with the files you want to decrypt. If you want to decrypt the entire hard drive, select "C:". Then click the "Decrypt My Files" button.

At the moment, it appears that Jigsaw spreads by pretending to be the setup file for Firefox. If you're installing Firefox on a computer, make sure you're getting it from the genuine Mozilla site.

You should also have security software installed. It detects and stops malicious files, including ransomware, from running.

Source: Threat Post