New ransomware strain rips off the ‘Saw’ movies

The number of different strains of ransomware out in the wild is growing quickly. And now ransomware authors are getting rather cocky and even a tad gaudy with their malware products, as the latest ransomware strain – dubbed Jigsaw – demonstrates.

The ransomware essentially uses images and characters from the popular Saw movie franchise to instil even more dread and fear into those the ransomware manages to infect.

Not only do you face the prospect of having all your personal files encrypted, but the malware also brings up the Billy the Puppet character, along with typed instructions that appear on the screen one letter at a time and include the famous “I want to play a game” line from the movie.

Ransomware is a type of malware that – upon installation – encrypts all of a user's files and forces them to pay a ransom to get a decryption key. Learn how to avoid the Jigsaw ransomware (and other versions) in our article here.


The ransomware claims that the longer the victim waits to pay for the decryption key, the more files will be permanently deleted from their computer, and the higher the ransom will be to get that all-important decryption key.

This particular ransomware variant creates a copy of each of your personal files, encrypts the copy and adds the .FUN extension to it to show it has been encrypted. It then deletes the originals, leaving only the encrypted copies on the computer's hard drive. It also asserts that 1000 files will be deleted if the user attempts to reboot their computer – something that would be necessary in order to put the computer into safe mode and try to remove the ransomware infection.
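
The copy, rename and delete sequence described above leaves a recognisable trail in file-system audit logs. The following added example (not from the original article or from Forcepoint's analysis) pairs each `.FUN` creation with the deletion of the matching original; the event format, time window, alert threshold and the assumption that `.FUN` is appended to the full file name are illustrative.

```python
from datetime import datetime, timedelta

MARKER_EXT = ".FUN"              # extension named in the article
WINDOW = timedelta(seconds=60)   # assumed: max gap between copy and delete
THRESHOLD = 3                    # assumed: pairs needed before alerting

# Constructed sample events: (ISO timestamp, operation, path)
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:01", "create", r"C:\Users\a\Docs\a.docx.FUN"),
    ("2024-01-01T10:00:02", "delete", r"C:\Users\a\Docs\a.docx"),
    ("2024-01-01T10:00:03", "create", r"C:\Users\a\Pics\b.jpg.FUN"),
    ("2024-01-01T10:00:04", "delete", r"C:\Users\a\Pics\b.jpg"),
    ("2024-01-01T10:00:05", "create", r"C:\Users\a\Docs\c.xlsx.FUN"),
    ("2024-01-01T10:00:06", "delete", r"C:\Users\a\Docs\c.xlsx"),
    ("2024-01-01T10:00:07", "delete", r"C:\Users\a\Temp\cache.tmp"),   # unrelated
    ("2024-01-01T10:00:08", "create", r"C:\Users\a\Docs\notes.txt.FUN"),
    ("2024-01-01T10:05:00", "delete", r"C:\Users\a\Docs\notes.txt"),   # too late
]


def find_encrypt_then_delete(events, window=WINDOW):
    """Return originals deleted within `window` of their .FUN copy appearing."""
    created = {}  # lowercased original path -> time its .FUN copy was created
    hits = []
    for ts, op, path in sorted(events):
        when = datetime.fromisoformat(ts)
        key = path.lower()  # Windows paths are case-insensitive
        if op == "create" and key.endswith(MARKER_EXT.lower()):
            created[key[: -len(MARKER_EXT)]] = when
        elif op == "delete" and key in created:
            if when - created.pop(key) <= window:
                hits.append(path)
    return hits


def should_alert(events, threshold=THRESHOLD):
    """True once enough copy-then-delete pairs have been seen."""
    return len(find_encrypt_then_delete(events)) >= threshold


if __name__ == "__main__":
    for original in find_encrypt_then_delete(SAMPLE_EVENTS):
        print("original replaced by encrypted copy:", original)
    print("alert:", should_alert(SAMPLE_EVENTS))
```
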


The good news with this piece of ransomware, however, is that the authors have gone in the direction of style over substance. Despite the scrolling text, ominous countdown timer, Billy the Puppet and a host of extravagant graphics, the code used to encrypt the files is vulnerable to reverse engineering. This means that the good guys have been able to see the source code used by the malware and in turn retrieve the decryption key without having to pay the bad guys to get the files back. Forcepoint managed it and detailed it here.

Don’t count on that escape route when it comes to more sophisticated strains of ransomware though. The most successful ransomware outfits have not been cracked, nor is it likely they ever will be.

The Jigsaw ransomware essentially goes to show how far ransomware has come. It’s not an obscure variety of malware used only by the criminal elite. It’s mainstream, to the point that variants are now appearing that rip off Hollywood movies. Read our article on ransomware – what it is – and how to avoid it here.