Jigsaw-Dat Ransomware

What is Jigsaw-Dat Ransomware?

Jigsaw-Dat Ransomware is to blame if your files are encrypted and carry the .dat extension. This malicious application was created for money extortion: it enciphers the user's data to hold it hostage, and the cybercriminals leave a note asking the victim to pay a ransom for decryption tools. Unfortunately, there is no way to know if the hackers will keep their word and allow you to decrypt your files after you pay. Therefore, we advise not to gamble with your savings. Users who choose to erase the malware can follow the instructions available at the end of this article. Nevertheless, if you need more information before making your decision, keep reading to learn more about Jigsaw-Dat Ransomware.

Where does Jigsaw-Dat Ransomware come from?

The malicious application might settle in after the victim opens its launcher. Needless to say, no one would open it willingly knowing what harm it may cause, which means the malware's installers could be disguised to look reliable. For instance, Jigsaw-Dat Ransomware's launcher might look like a text document and arrive with spam emails, or it could look like a software installer offered on some file-sharing website. Moreover, there is also a possibility that the threat could be dropped without the user's permission by exploiting a vulnerability in the system. Thus, it is crucial to both secure the system and watch out for questionable content while surfing the Internet if you do not want to come across such malware again.

How does Jigsaw-Dat Ransomware work?

For starters, Jigsaw-Dat Ransomware should create two copies of its launcher (they might be called firefox.exe and drpbx.exe) in the %APPDATA%\Frfx and %LOCALAPPDATA%\Drpbx folders. The Frfx and Drpbx folders themselves should be created by the malware. Right after placing the listed executable files, it may create a Registry entry in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run location. Our researchers at Anti-spyware-101.com say the value name created in this location should make the computer launch the threat automatically every time it is restarted.

Later on, the malicious application might start enciphering the user's photos, videos, archives, and lots of other private files. Each encrypted file should be given a second extension, e.g., text.docx.dat. By the time Jigsaw-Dat Ransomware finishes enciphering your data, it should open a pop-up window with a ransom note. In the background, the user should see a picture of a man and a clock counting down the time in which the victim is asked to pay a ransom. In fact, the note claims the encrypted files will be deleted bit by bit if the user does not send at least 300 US dollars. Plus, the amount is supposed to be paid in Bitcoins, and the warning claims some of the files will be removed just for closing the malware's window. Without the decryption tool, encrypted data is already lost, so its elimination may not make any difference. However, in some cases volunteer IT specialists manage to create free decryption tools. Consequently, in the hope that the threat might become decryptable, we would recommend erasing the malicious application at once if you do not want to pay a ransom.
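
As an added example (not part of the original article or of any vendor tool), the PowerShell below checks a Windows profile for the artifacts described above: the Frfx and Drpbx folders, a Run entry pointing into them, processes started from them, and files with a second .dat extension. It only reports and deletes nothing; limiting the file count to Desktop, Documents and Pictures is an assumption.

```powershell
# Read-only check for the Jigsaw-Dat artifacts named in this article; it deletes nothing.
$dropDirs = @(
    (Join-Path $env:APPDATA      'Frfx'),    # folder names as given in the article
    (Join-Path $env:LOCALAPPDATA 'Drpbx')
)
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$ignore = [StringComparison]::OrdinalIgnoreCase

# 1. Drop folders and any executables inside them.
foreach ($dir in $dropDirs) {
    if (Test-Path -LiteralPath $dir) {
        Write-Output "[!] Folder present: $dir"
        Get-ChildItem -LiteralPath $dir -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Output "    $($_.FullName) (modified $($_.LastWriteTime))" }
    }
}

# 2. Run-key values whose command points into one of those folders.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }   # skip provider metadata
        foreach ($dir in $dropDirs) {
            if ("$($p.Value)".IndexOf($dir, $ignore) -ge 0) {
                Write-Output "[!] Run value '$($p.Name)' -> $($p.Value)"
            }
        }
    }
}

# 3. Processes started from a drop folder. Matching on path, not name,
#    keeps a genuine firefox.exe under Program Files from being flagged.
foreach ($proc in Get-Process) {
    if (-not $proc.Path) { continue }
    foreach ($dir in $dropDirs) {
        if ($proc.Path.StartsWith($dir, $ignore)) {
            Write-Output "[!] PID $($proc.Id) running from $($proc.Path)"
        }
    }
}

# 4. Count files carrying a second .dat extension (e.g. text.docx.dat).
#    Assumption: only Desktop, Documents and Pictures are scanned.
$hits = foreach ($f in 'Desktop', 'MyDocuments', 'MyPictures') {
    Get-ChildItem -LiteralPath ([Environment]::GetFolderPath($f)) -Recurse -File -Filter *.dat -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match '\.[A-Za-z0-9]{2,5}$' }
}
Write-Output "Files with a second .dat extension: $(@($hits).Count)"
```

Run it in the affected user's session, since both the Run key and the folder variables are per-user.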

How to remove Jigsaw-Dat Ransomware?

There are two ways to get rid of this malware. If you feel experienced enough, you could try to complete the steps we added at the end of this text; they show how to remove Jigsaw-Dat Ransomware manually. The other option is to employ a legitimate antimalware tool and perform a full system scan. The moment the scan is finished, the chosen tool should provide a list of detections and a deletion button that lets you erase them all at once.

Eliminate Jigsaw-Dat Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the threat’s process.
  4. Select the malicious process and press End Task.
  5. Leave the Task Manager.
  6. Click Windows key+E.
  7. Find these folders:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Find the malware’s launcher, then right-click it and press Delete.
  9. Go to:
    %APPDATA%
    %LOCALAPPDATA%
  10. Find folders named Frfx, Drpbx, or similarly (inside you should find files titled drpbx.exe, and so on); right-click them and press Delete.
  11. Exit File Explorer.
  12. Press Windows key+R.
  13. Insert Regedit and press Enter.
  14. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  15. Search for a key related to the malicious application.
  16. Right-click the mentioned key and press Delete.
  17. Close Registry Editor.
  18. Empty your Recycle bin.
  19. Restart the system.

Stop these Jigsaw-Dat Ransomware Processes:

firefox.exe