Meet Jigsaw, the ransomware that taunts victims and offers live support

As data-encrypting malware proliferates, new entrants search for ways to stand out.

In the case of Jigsaw, a ransomware package that was first spotted in April by researchers with the Bleeping Computer security site, the answer is to be as brazen and mean-spirited as possible while at the same time making the payment process as easy as possible. A case in point: Jigsaw not only threatens the permanent loss of personal data, it also holds out the fear that victims’ dirty laundry will be published for all to see. And it uses a taunting tone when notifying people of their options. Witness the screenshot above from a recent version. It states:


Very bad news! I am a so-called ransomware/locker with following advanced functions: Encrypting all your data.
Collecting all logins, contacts, eMail, Passwords and Skype History …..Done!
Uploading all of it on a server …………………Done!
Sending a copy of those Datas to ALL of your contacts…………..Pending

The doxing threat, which was added last week, is pure evil genius because it gives victims a strong incentive to pay the ransom even when the purloined data is available on a backup drive.

“I want to play a game with you”

Jigsaw has long been known for mocking its victims. Early versions displayed a message saying, “I want to play a game with you” and then explained that “only a few” files would be deleted in the first 24 hours after infection, a “few hundred” on the second day, and a “few thousand” on the third. “Yes you will want me to start next time, since I am the only one that is capable to decrypt your personal data for you. Now, let’s start and enjoy our little game together!”

But creep factor isn’t the only thing setting Jigsaw apart. Earlier this month, according to Trend Micro researchers, it added live support to help victims obtain the bitcoins required to pay ransoms.

Jigsaw is by no means the only ransomware trying to stand out. A recently discovered campaign targeting Office 365 corporate users plays an audio file that informs users that their data has been encrypted, while displaying a similar message on screen.

As always, computer users should remain highly vigilant when viewing e-mail and be especially wary of messages with attachments, particularly if they’re in the form of JavaScript code or Microsoft Word documents that ask that macro functions be turned on. Users should also keep their operating system and browser fully updated to prevent drive-by download attacks. People and businesses should also keep regularly created redundant backups of all their computer files.