The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Jigsaw (named after the fictional character) which encrypts the system files and also deletes them if the payment is not made on time.
The Trojan poses as firefox with the following properties:
The Trojan adds the following files to the filesystem:
%APPDATA%\Roaming\Frfx\firefox.exe (copy of original) [Detected as GAV: Jigsaw.A (Trojan)]
The Trojan creates the following key to the Windows registry to enable startup after reboot: