Malware researchers have released a tool that can decrypt files affected by the new threat Understanding how to buy bitcoins and pay ransomware authors for decryption keys is hard enough, yet some cybercriminals now expect their victims to do it in under an hour if they want all of their files back.A new ransomware program dubbed Jigsaw encrypts users’ files and then begins to progressively delete them until the victim pays the equivalent of $150 in Bitcoin cryptocurrency.The ransomware deletes one file after the first hour has passed and then increases the number of files it deletes in every 60-minutes cycle. If no payment has been made within 72 hours, all remaining files will be deleted.“Try anything funny and the computer has several safety measures to delete your files,” the program’s creators warn in their ransom message that’s accompanied by a picture of the Jigsaw killer’s mask from the horror film series Saw. That’s not an idle threat. According to computer experts from tech support forum BleepingComputer.com, the ransomware program deletes 1,000 files every time the computer or its own process is restarted.“This is the first time that we have seen these types of threats actually being carried out by a ransomware infection,” said BleepingComputer.com founder Lawrence Abrams in a blog post. The good news, for now, it that malware experts have devised a method to decrypt files affected by Jigsaw without paying the ransom.The first thing that users affected by this ransomware program should do is to open the Windows Task Manager and terminate all processes named firefox.exe or drpbx.exe that were created by the ransomware, Abrams said. Then they should launch the Windows MSConfig utility and disable the startup entry that points to %UserProfile%AppDataRoamingFrfxfirefox.exe.This will stop the file deletion process and will prevent the malware from restarting when the system boots up.They can then download the Jigsaw Decrypter utility hosted by BleepingComputer.com and decrypt their files. When that’s done it’s highly recommended that users download an up-to-date anti-malware program and perform a full scan of their computer to completely remove the ransomware.In November, another ransomware program dubbed Chimera threatened to leak users’ files on the Internet. However, no evidence has been found that the program actually had the capability to do this.By comparison, Jigsaw does deliver on its threats and marks a worrisome evolution of ransomware threats. While security experts managed to find a method to decrypt files this time, there’s no guarantee that they’ll be able to do the same for future versions. Ransomware creators are typically quick to fix their errors. Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe