How to remove Jigsaw ransomware and decrypt .FUN, .KKK, .GWS, .BTC files

What is Jigsaw ransomware?

Jigsaw ransomware is an encryption virus that broadly resembles infections such as TeslaCrypt, Locky or Cerber ransomware. Like these notorious viruses, Jigsaw infiltrates systems covertly, finds files with certain extensions and encrypts them with AES, and finally displays a message informing the victim of the payment terms. The threat demands $150 USD, to be transferred in Bitcoin. What sets Jigsaw apart from other threats of this type is that it not only encrypts files but also deletes them if the payment is not made in time, which is 1 hour. At the end of every hour Jigsaw ransomware restarts, increasing the number of deleted files. The time limit and a red countdown timer are meant to add psychological pressure and force victims to pay. Though the danger is serious and frightening, here we provide some tips on how to remove Jigsaw ransomware.


Symptoms of Jigsaw ransomware infection

It is hard not to notice ransomware, since one of its processes is usually responsible for displaying a notification message. This window blocks the screen and leaves the user with very few options. In addition, some files become inaccessible, because in many cases the ransomware encrypts them to make the threat more frightening.

How Jigsaw ransomware got installed on your computer

The methods by which Jigsaw spreads have not yet been established. Presumably the encryption virus spreads the way other ransomware threats have. If so, Jigsaw is distributed through spam message attachments or infected sites, links to which can also be spread through these e-mails. It's better to be safe than sorry, so when you receive a message from an unknown sender, check its subject and preview for mistakes or misspellings. If you still want to read it, pay attention to attachments: you should scan them with anti-malware or antivirus before opening them. As for browsing, we can only advise avoiding unverified sources and not clicking in-browser ads.

What to do if your PC is infected with Jigsaw ransomware

As soon as you notice the ransomware on your system, you should shut down your computer. If possible, try to create a backup or an image of the data on your hard drive. This lets you preserve the state of your disks in case a decryption method is created later.

How to remove Jigsaw ransomware?

To make sure the ransomware does not come back, you need to delete Jigsaw ransomware completely. To do that, you must remove the ransomware's files and registry entries. We should warn you that some of the steps may require above-average skills, so if you do not feel experienced enough, you can turn to an automatic removal tool.


Steps of Jigsaw ransomware manual removal

Restart Windows in Safe Mode

For Windows 7, 8, XP and Vista:

  1. Restart the system
  2. While the computer is rebooting, press F8 several times
  3. In the list of options that appears, choose Safe Mode

For Windows 10:

  1. In the Start menu click on the power button
  2. Hold Shift and choose Restart
  3. Choose Troubleshoot
  4. In the Advanced Options choose Startup Settings
  5. Click Restart
  6. Select Enter Safe Mode With Networking

Delete files and registry entries added by Jigsaw ransomware

Now you will be able to reach the necessary functions and files. To stop the ransomware activity, you need to find all of the following items and delete them.

Remove Jigsaw ransomware files and folders:

%UserProfile%\AppData\Roaming\Frfx\
%UserProfile%\AppData\Roaming\Frfx\firefox.exe
%UserProfile%\AppData\Local\Drpbx\
%UserProfile%\AppData\Local\Drpbx\drpbx.exe
%UserProfile%\AppData\Roaming\System32Work\
%UserProfile%\AppData\Roaming\System32Work\Address.txt
%UserProfile%\AppData\Roaming\System32Work\dr
%UserProfile%\AppData\Roaming\System32Work\EncryptedFileList.txt

Remove Jigsaw ransomware registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe %UserProfile%\AppData\Roaming\Frfx\firefox.exe
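
Before deleting anything by hand, the items listed above can be checked in one pass. The PowerShell script below is an added example, not part of the original guide or of any removal tool; `Get-JigsawArtifact` is a hypothetical helper name, and the script only reports what it finds. Run it as the affected user, since both `%UserProfile%` and `HKCU` are per-user.

```powershell
# Added example: read-only check for the Jigsaw artifacts listed in this guide.
# Get-JigsawArtifact is a hypothetical helper name; nothing is deleted or changed.
function Get-JigsawArtifact {
    # File and folder locations, relative to %UserProfile%, taken from the list above.
    $relativePaths = @(
        'AppData\Roaming\Frfx',
        'AppData\Roaming\Frfx\firefox.exe',
        'AppData\Local\Drpbx',
        'AppData\Local\Drpbx\drpbx.exe',
        'AppData\Roaming\System32Work',
        'AppData\Roaming\System32Work\Address.txt',
        'AppData\Roaming\System32Work\dr',
        'AppData\Roaming\System32Work\EncryptedFileList.txt'
    )
    foreach ($rel in $relativePaths) {
        $full = Join-Path -Path $env:USERPROFILE -ChildPath $rel
        [pscustomobject]@{
            Type    = 'File'
            Item    = $full
            Present = Test-Path -LiteralPath $full
            Detail  = ''
        }
    }

    # Run key value from the list above. The value name alone proves nothing,
    # so the data must also point into the Frfx folder.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $data = (Get-ItemProperty -Path $runKey -Name 'firefox.exe' -ErrorAction SilentlyContinue).'firefox.exe'
    [pscustomobject]@{
        Type    = 'Registry'
        Item    = "$runKey\firefox.exe"
        Present = [bool]($data -and $data -like '*\AppData\Roaming\Frfx\*')
        Detail  = [string]$data
    }

    # Processes running from either listed executable. Matching on the image path
    # avoids flagging a legitimate Mozilla Firefox process that shares the name.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -like '*\AppData\Roaming\Frfx\firefox.exe' -or
                       $_.Path -like '*\AppData\Local\Drpbx\drpbx.exe' } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Process'; Item = $_.Path; Present = $true; Detail = "PID $($_.Id)" }
        }
}

# Show only the artifacts that were actually found.
Get-JigsawArtifact | Where-Object Present | Format-Table -AutoSize -Wrap
```

An empty table means none of the listed artifacts exist for the current user; other user profiles on the machine have to be checked separately.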

Restore the files encrypted by Jigsaw ransomware

Use the decryption tool

The good news for everyone affected by Jigsaw ransomware is that a decryption tool has been released. The first thing to do to stop the ransomware activity is to end two processes: firefox.exe and drpbx.exe

  1. Press Ctrl+Alt+Del
  2. Click Task Manager
  3. Right-click the processes and choose End Process

Then remove the firefox.exe entry from the startup list, so the ransomware does not relaunch itself on every boot.

  1. Press Win + R simultaneously
  2. Type msconfig and press Enter
  3. Go to the Startup tab
  4. Uncheck the process and click OK

Now you can proceed to files restoration.

  • The first thing you need to do is download the decryption tool and extract it.
  • Then launch the program by double-clicking the JigSawDecrypter.exe file.
  • Now choose the location of the encrypted data and click Decrypt My Files.
  • There is an option to decrypt the whole drive; however, we recommend trying the application on a separate folder first to make sure that it works properly.
  • After that you may select the C: drive and check the Delete Encrypted Files option.

Restore the system

  1. Search for 'system restore'
  2. Click on the result
  3. Choose a date before the infection appeared
  4. Follow the on-screen instructions

Roll files back to a previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore
