Ransomware: This free tool decrypts 85 variants of the horror-tinged Jigsaw malware

Decryption tool tackles open-source versions of high-pressure malware.
Written by Steve Ranger, Global News Director

A tech security company has released a free tool that could help to unlock files encrypted by a version of ransomware that borrows horror movie themes in an effort to force victims to pay up.

Emsisoft said its free decryption tool for Jigsaw ransomware can currently unlock 85 variants of the malware, and will be updated as new variants emerge.

Jigsaw ransomware has been around since 2016 and is known for its dramatic means of pressurising victims to pay up fast, stealing the idea from the 2004 movie Saw, where characters have to solve puzzles within a time limit or face the consequences.

Not only does Jigsaw encrypt files, it also deletes them on a timed, countdown basis. One file is deleted an hour after the data has been encrypted and an increasing number of files are deleted every hour after that. At 72 hours, all remaining files are deleted. If the victim reboots their PC, the ransomware automatically relaunches and deletes 1,000 files. Ransoms range from $20 to $2,000 depending on the variant.

A decryptor for Jigsaw was released in 2016, but the ransomware -- previously sold on a Tor marketplace -- is now open source, which has enabled malware developers to create multiple variants that the original tool could not decrypt.

Jigsaw encrypts victims' files with AES-128 and appends one of a number of extensions, including '.fun' and '.game'. A fake error message is displayed to mislead the victim into thinking the ransomware did not run.

Ransomware is a 30-year-old menace -- the first ransomware appeared in 1989. But in recent years the impact of ransomware has accelerated: according to Bitdefender, ransomware reports have increased significantly in the past year. Crooks have also turned their attention to businesses, because encrypting an entire organisation's network and then demanding a ransom to decrypt the data can make for a much bigger payday than encrypting individual consumers' PCs.
