New ransomware strain rips off the ‘Saw’ movies

ByCraig Haley

The number of different strains of ransomware out in the wild is growing quickly. And now ransomware authors are getting rather cocky and even a tad gaudy with their malware products, as the latest ransomware strain – dubbed Jigsaw – demonstrates.

The ransomware essentially uses images and characters from the popular Saw movie franchise to instil even more dread and fear into those the ransomware manages to infect.

Not only do you face the prospect of having all your personal files encrypted, the malware also brings up the Billy the Puppet character (below) along with typed instructions appearing on the screen one letter at a time that include the famous “I want to play a game” line from the movie.

Ransomware is a type of malware that – upon installation – encrypts all of a users files and forces them to pay a ransom to get a decryption key. Learn how to avoid the Jigsaw ransomware (and other versions) in our article here.

jigsaw1

jigsaw2

The ransomware claims that the longer the victim waits to pay for the decryption key, the more files that will be permanently deleted from their computer, and the higher the ransom is to get that all important decryption key.

This particular ransomware variant creates a copy of all your personal files, encrypts the copy and adds the .FUN extension to them to show they have been encrypted. It then deletes the originals leaving only the encrypted copies on the computer hard drive. It also asserts that 1000 files will be deleted if the user attempts to reboot their computer – something that would be necessary to do in order to try and put the computer into safe mode to try and remove the ransomware infection.


Sponsored Content. Continued below...




The good news with this piece of ransomware however, is that the authors have gone in the direction of style over substance. Despite the scrolling text, ominous countdown timer, Billy the Puppet and a host of extravagant graphics, the code used to encrypt the files is vulnerable to reverse engineering. This means that the good guys have been able to see the source code used by the malware and in turn retrieve the decryption key without having to pay the bad guys to get the files back. Forcepoint managed it and detailed it here.

Don’t count on that escape route when it comes to more sophisticated strains of ransomware though. The most successful ransomware outfits have not been cracked, nor is it likely they ever will be.

The Jigsaw ransomware essentially goes to show how far ransomware is coming. It’s not an obscure variety of malware used only by the criminal elite. It’s mainstream, to the point that variants are appearing that are now ripping off Hollywood movies. Read our article on ransomware – what it is – and how to avoid it here.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)