A new ransomware program dubbed Jigsaw encrypts users’ files and then begins to progressively delete them until the victim pays the equivalent of $150 in bitcoin cryptocurrency.
The Jigsaw Ransomware deletes files every 60 minutes and when the program is restarted.
Every hour, the Jigsaw Ransomware will delete a file on your computer and increment a counter. Over time this counter will cause more than one file to be deleted every hour.
Ransom message will appear with a picture of the Jigsaw killer’s mask from the horror film series Saw.
The good news, for now, it that malware experts have devised a method to decrypt files affected by Jigsaw without paying the ransom.
The first thing that users affected by this ransomware program should do is to open the Windows Task Manager and terminate all processes named firefox.exe or drpbx.exe that were created by the ransomware, Abrams said. Then they should launch the Windows MSConfig utility and disable the startup entry that points to %UserProfile%\AppData\Roaming\Frfx\firefox.exe.
This will stop the file deletion process and will prevent the malware from restarting when the system boots up.