Jigsaw Ransomware spotted in the wild

The Dell SonicWall Threats Research team has received reports of a new ransomware Trojan, Jigsaw (named after the fictional character), which encrypts files on the system and deletes them if the ransom is not paid on time.
Infection cycle:
The Trojan poses as Firefox, with the following file properties:
The Trojan adds the following file to the filesystem:
  • %APPDATA%\Roaming\Frfx\firefox.exe (copy of original) [Detected as GAV: Jigsaw.A (Trojan)]

The Trojan creates the following key in the Windows registry so that it starts again after a reboot:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "%APPDATA%\Roaming\Frfx\firefox.exe"

While encrypting the files, it displays the following Jigsaw image and ransom message:
It starts a countdown and threatens to delete some of the files every hour.
The Trojan locates the following file types on the victim's machine and encrypts them:
Before encrypting, it records the filenames at the following location:
It encrypts all of the victim's files listed above and appends the .fun extension.
When the victim tries to close the ransom window, it displays the following message:
It checks for payment by contacting the C&C server:
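As an added defender-side example (not part of the SonicWall write-up), the following PowerShell audits the two host artifacts described above: a Run key value launching a firefox.exe under the Frfx folder, and files carrying the .fun extension. The `Frfx\firefox.exe` and `.fun` indicators come from this page; the helper names and the search scope (the current user's profile) are assumptions.

```powershell
# Added example, not from the original report. Checks the current user's Run key
# for the Jigsaw persistence pattern and counts .fun files under the profile.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-SuspiciousRunEntries {
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { return @() }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |      # drop PSPath, PSDrive, ...
        ForEach-Object {
            # Expand %APPDATA% etc., then take the executable path from the command.
            # Handles quoted paths; an unquoted path followed by arguments is kept whole.
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$_.Value)
            $exe = ($cmd.Trim('"') -split '"')[0].Trim()
            # Indicator from the write-up: firefox.exe dropped under a Frfx folder.
            # Also flag any firefox.exe that does not live under Program Files.
            $isJigsawPath = $exe -like '*\Frfx\firefox.exe'
            $oddFirefox   = ($exe -like '*\firefox.exe') -and ($exe -notlike '*\Program Files*')
            [pscustomobject]@{
                Name       = $_.Name
                Command    = $cmd
                Exists     = Test-Path -LiteralPath $exe
                Suspicious = ($isJigsawPath -or $oddFirefox)
            }
        }
}

function Get-FunEncryptedFiles {
    # Files renamed with the .fun extension the report associates with Jigsaw.
    Get-ChildItem -Path $env:USERPROFILE -Filter '*.fun' -Recurse -File -Force `
        -ErrorAction SilentlyContinue
}

$entries = Get-SuspiciousRunEntries
$entries | Format-Table -AutoSize
$flagged = @($entries | Where-Object Suspicious)
$funFiles = @(Get-FunEncryptedFiles)
"Suspicious Run entries: $($flagged.Count); .fun files under profile: $($funFiles.Count)"
```

A non-zero count in either line warrants isolating the host and preserving the Run key value and file list before any cleanup, since the filename list the Trojan writes is useful for recovery.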

It's time to update your security devices to avoid this kind of Trojan.
Have a good time.
(Be knowledgeable, pass it on then)
