German Jigsaw .spaß

What is German Jigsaw .spaß?

If you use the German language on your operating system, you are the prime target of German Jigsaw .spaß malware, a malicious file-encrypting infection that was created to make you pay a huge ransom in return for a file decryptor. The ransom is $500, but you are requested to pay it in Bitcoin, which is a highly popular crypto-currency. At the time of research, $500 (if we assume that $ stands for USD) converted to around 0.12 BTC. Of course, you should check the conversion rates yourself because they shift often. Whether you think this ransom is big or small, paying it is a bad idea. If you make the payment to the 1CpnhbLaqLj5NgXwYVQ5aXmrMzvhzjehmm Bitcoin Wallet, your money will be gone forever. Recovering it will not be possible. Unfortunately, that is why cyber criminals are unlikely to give you a decryption key. They simply do not need to, and they cannot be forced to do it. Of course, the choice is yours, and if you decide to take the risk, you are free to do so. If a miracle happens, and your files are restored, do not forget that you must delete German Jigsaw .spaß malware ASAP. Different removal methods are discussed in this post.

How does German Jigsaw .spaß ransomware work?

German Jigsaw .spaß ransomware is the newest variant of the Jigsaw Ransomware, a widely researched and well-known infection. Regardless of who the actor behind this malware is – and we do not know whether that is the same party or several different parties using the same malicious code – this malware acts the same. First, it must access the operating system. That can be done using existing vulnerabilities and well-known tricks. For example, the executable of the infection could be sent to you via a misleading email, and you might open it without suspecting anything malicious. If you click the attachment, the devious German Jigsaw .spaß ransomware is executed silently. Other methods exist as well, and cyber criminals are capable of adapting to the situation and discovered vulnerabilities. Once in, this malware creates copies just like the previous versions did. Our tests have shown that this threat creates two unique copies: %LOCALAPPDATA%\Drpbx\drpbx.exe and %LOCALAPPDATA%\Google (x86)\Chrome32.exe. The malicious Chrome32.exe copy also has a RUN point of execution in the Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Unfortunately, unless you delete the launcher and its copies right away, your files are doomed.

During encryption, German Jigsaw .spaß ransomware goes after all of your personal files on your PC. Your photos, archives, shortcuts, documents, presentations, videos, and music files can be encrypted with a strong encryption key that cannot be decoded by legitimate software or even by experts. Files’ names are not changed, but the “.spaß” extension is appended. Unfortunately, you are unlikely to see that because the ransomware immediately launches a window and discourages you from closing it. The window presents a message that, in German, threatens to delete 1000 files if you close it. The message also threatens to start deleting files every hour after the first 60 minutes. A timer is shown in the window as well. Basically, you are given 60 minutes to purchase Bitcoins and send them to the presented Bitcoin Wallet. You are also asked to send an email once you do that. Would cyber criminals respond to you fast enough? Would they give you a decryptor? Would they remove your files? They are completely unpredictable, and you certainly cannot trust their promises. Our research team suggests that you should not pay the ransom, even if that means losing files.

How to delete German Jigsaw .spaß malware

You need to remove German Jigsaw .spaß ransomware quickly. While it is still present on your system, do not create or transfer any new files, unless it is a launcher of an anti-malware program. New files are at risk of being encrypted too, and so if you decide to install anti-malware software, execute it ASAP. It will automatically find and delete German Jigsaw .spaß ransomware, along with other threats that might exist. It will also reinstate protection and security of your operating system, which, needless to say, is incredibly important for your future. You might also be able to remove the infection manually (refer to the instructions below). Are your files backed up? If they are, the elimination of the threat and the protection of the system are the only issues you have. If you are not in the habit of backing up files, change that now for your own good.

Removal Instructions

  1. Simultaneously tap keys Ctrl+Alt+Delete.
  2. Click Start Task Manager.
  3. Move to the Processes menu.
  4. Identify malicious processes, right-click, and choose Open file location.
  5. In the Processes menu, terminate all malicious processes.
  6. In the location of malicious files, right-click them, and choose Delete.
  7. Simultaneously tap keys Win+E to launch Explorer.
  8. Type %LOCALAPPDATA% into the bar at the top and tap Enter.
  9. Right-click and Delete these folders:
    • Google (x86) (if it has Chrome32.exe inside)
    • Drpbx (if it has drpbx.exe inside).
  10. Simultaneously tap keys Win+R to launch RUN.
  11. Type regedit.exe and click OK to launch Registry Editor.
  12. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  13. Right-click and Delete the value called Chrome32.exe.
  14. Exit all windows and then Empty Recycle Bin.
  15. Install a malware scanner and run a complete system scan.
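
Before or after working through the manual steps, the locations named in this article can be checked in one pass. The PowerShell script below is an added example, not part of the original post: it is read-only, reports findings without terminating or deleting anything, and assumes it is run in the affected user's own session so that %LOCALAPPDATA% and HKCU resolve to that user's profile.

```powershell
# Added example: read-only triage for the artifacts named in this article.
# It only reports; nothing is terminated or deleted.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Location, $Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

# 1. Dropped copies under %LOCALAPPDATA% (paths taken from the article).
foreach ($rel in 'Drpbx\drpbx.exe', 'Google (x86)\Chrome32.exe') {
    $path = Join-Path $env:LOCALAPPDATA $rel
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # The hash may come back empty if the running process locks the file.
        $sha = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        Add-Finding 'File' $path "SHA256 $sha"
    }
}

# 2. Run-key persistence: the value named Chrome32.exe, or any value whose
#    data points at one of the two executables.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -eq 'Chrome32.exe' -or $data -match '\\(drpbx|Chrome32)\.exe') {
            Add-Finding 'RunValue' "$runKey\$name" $data
        }
    }
}

# 3. Running processes with the same image names.
Get-Process -Name 'drpbx', 'Chrome32' -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Finding 'Process' "PID $($_.Id)" $_.Path
}

# 4. Count files carrying the appended extension. The eszett is built at run
#    time ([char]0x00DF) so the script file's encoding cannot corrupt it.
$eszett = [char]0x00DF
$hits = @(Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Filter "*.spa$eszett" -ErrorAction SilentlyContinue)
if ($hits.Count -gt 0) {
    Add-Finding 'EncryptedFiles' $env:USERPROFILE "$($hits.Count) file(s) with the appended extension"
}

if ($findings.Count -eq 0) { 'None of the artifacts listed in the article were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

An empty result after removal confirms that the two copies, the Run value and the processes are gone; encrypted files will still be counted, since removing the ransomware does not restore them.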

