Jigsaw ransomware, first detected in 2016, introduced a particularly stressful form of extortion by threatening to delete encrypted files over time if the ransom wasn’t paid. This time-based data destruction technique put additional pressure on victims, forcing them to act quickly to avoid losing their data permanently. The number of infections caused by Jigsaw ransomware is estimated to be in the thousands, with individual ransom demands typically ranging from $150 to $500 in Bitcoin. Jigsaw targeted individual users and small businesses, with industries across North America and Europe being the primary victims. While Jigsaw’s impact has lessened in recent years, it remains one of the most anxiety-inducing ransomware families.
What is Jigsaw Ransomware?
Jigsaw is a type of ransomware that encrypts files on a victim’s system and threatens to delete the encrypted files gradually if the ransom is not paid within a specific timeframe. The ransomware gets its name from the Jigsaw horror film franchise, as it uses the likeness of the film’s antagonist, Billy the Puppet, in its ransom messages. Once Jigsaw infects a system, it encrypts various file types and displays a ransom note that threatens to delete files every hour if the ransom is not paid. The ransomware starts by deleting a few files, then progressively increases the number of files deleted with each passing hour. Victims are typically asked to pay the ransom in Bitcoin to stop the file deletion and regain access to their data.
How does Jigsaw work?
Jigsaw ransomware typically spreads through malicious email attachments or phishing links. Once the ransomware is executed on a victim’s computer, it begins encrypting a wide range of file types, including documents, images, and databases. Jigsaw then displays a ransom note that threatens to delete a portion of the encrypted files if the ransom is not paid within a set timeframe. Every hour, the ransomware deletes a few files, with the rate of deletion increasing the longer the victim delays payment. Jigsaw also threatens to delete all files if the victim tries to shut down or restart the infected computer. Ransom demands typically range from $150 to $500, payable in Bitcoin.
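The hourly, escalating deletion described above leaves a recognizable shape in file-audit data. The following detection sketch is an added example, not code from the original page; the log line format, the host names and the three-hour threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse one constructed audit line: '<ISO time> <host> <action> <path>'."""
    ts, host, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, action, path

def hourly_delete_counts(lines):
    """Per host, count DELETE events in hour-wide buckets from its first delete."""
    first, counts = {}, defaultdict(lambda: defaultdict(int))
    for ts, host, action, _ in sorted(map(parse, lines)):
        if action != "DELETE":
            continue
        first.setdefault(host, ts)
        counts[host][int((ts - first[host]) / timedelta(hours=1))] += 1
    return counts

def escalating_hosts(lines, min_hours=3):
    """Flag hosts whose deletions recur every hour and grow each time."""
    flagged = []
    for host, buckets in hourly_delete_counts(lines).items():
        run, hour = [buckets[0]], 1
        while buckets.get(hour, 0) > run[-1]:  # strictly more than the previous hour
            run.append(buckets[hour])
            hour += 1
        if len(run) >= min_hours:
            flagged.append((host, run))
    return flagged

def sample_lines():
    """Constructed events: ws-01 deletes 1, 3, 6 files per hour; ws-02 is one cleanup burst."""
    start, lines, n = datetime(2024, 5, 1, 9), [], 0
    for hour, count in enumerate([1, 3, 6]):
        for i in range(count):
            ts = start + timedelta(hours=hour, seconds=i)
            lines.append(f"{ts.isoformat()} ws-01 DELETE C:\\Users\\demo\\Documents\\f{n}.docx")
            n += 1
    for i in range(20):
        ts = start + timedelta(minutes=5, seconds=i)
        lines.append(f"{ts.isoformat()} ws-02 DELETE C:\\Temp\\cache{i}.tmp")
    return lines

if __name__ == "__main__":
    print(escalating_hosts(sample_lines()))
```

A single large deletion burst (ws-02) is not flagged; only the repeating, growing hourly pattern is, which keeps routine cleanup jobs out of the alert queue.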
History and Evolution
Jigsaw ransomware was first detected in April 2016 and quickly gained notoriety due to its time-based file deletion tactic. The ransomware spread primarily through email phishing campaigns, where victims were tricked into opening malicious attachments or clicking on malicious links. While the initial version of Jigsaw only affected individual users and small businesses, later versions added more sophisticated encryption techniques and targeted a broader range of victims. Although law enforcement and security researchers have developed decryption tools to help victims recover their files without paying the ransom, new variants of Jigsaw continue to appear, making it a persistent but low-level threat.
Notable Attacks
Jigsaw ransomware has been involved in several high-profile incidents, though it primarily targeted individual users and small businesses:
- Individual Users in North America: In 2016, Jigsaw primarily affected individual users in North America, where victims reported losing personal files such as photos, documents, and financial records due to the ransomware’s time-based deletion feature.
- Small Business Attacks: Jigsaw also targeted small businesses, including retail stores and service providers, where the loss of critical files due to file deletion caused significant operational disruptions.
Impact and Threat Level
Jigsaw ransomware’s impact stems from its ability to instill fear and urgency in its victims. The ransomware’s time-based file deletion feature heightened the pressure on victims, forcing them to act quickly or risk losing their data permanently. While Jigsaw’s ransom demands were relatively low compared to other ransomware families, the stress caused by the gradual deletion of files made it a particularly distressing experience for victims. Jigsaw primarily targeted individual users and small businesses, with most of the attacks occurring in North America and Europe. Although the ransomware’s overall threat level has decreased due to the availability of decryption tools, it remains a notable example of how psychological pressure can be used in ransomware attacks.
Jigsaw Ransomware Mitigation and Prevention
To protect against Jigsaw ransomware and similar threats, users and organizations should implement the following security measures:
- Email Security: Use advanced email filtering to block phishing emails and malicious attachments that could carry ransomware.
- Regular Backups: Maintain regular, offline backups of critical files to ensure data recovery in the event of a ransomware attack.
- Antivirus Software: Deploy reputable antivirus software to detect and block ransomware before it can encrypt files.
- User Education: Educate users on the dangers of opening unsolicited email attachments or clicking on suspicious links, which are common vectors for ransomware.
- Patch Management: Regularly update and patch software to close vulnerabilities that could be exploited by ransomware.
FAQs
- How much time does Jigsaw give before it starts deleting files?
Jigsaw typically starts deleting files one hour after the initial infection, with the rate of deletion increasing as time passes.
- How much ransom does Jigsaw demand?
Jigsaw’s ransom demands are typically between $150 and $500, payable in Bitcoin.
- Can files encrypted by Jigsaw be recovered without paying the ransom?
Yes, security researchers have developed decryption tools for Jigsaw, allowing victims to recover their files without paying the ransom.
Conclusion
Jigsaw ransomware stands out in the ransomware landscape due to its time-based file deletion tactic, which put victims under immense pressure to pay the ransom quickly. Although Jigsaw’s ransom demands were relatively low compared to other ransomware families, the fear of losing important files created a sense of urgency that made the attack particularly distressing. While the ransomware primarily targeted individual users and small businesses, its impact was significant in the North American and European regions. To defend against Jigsaw and similar threats, organizations and individuals must adopt strong email security, backup strategies, and user education to prevent ransomware infections and ensure data recovery.