Jigsaw Ransomware (.fun extension)

Posted by Lisa Blanc on March 14, 2019

What is Jigsaw Ransomware (.fun extension)?

French is the official language in 29 countries around the world, and millions of people speak it. Jigsaw Ransomware (.fun extension) is targeted at all of those people. It is possible that the threat has a more specific target, but that is unknown at this point. The infection was created to encrypt files, and, unfortunately, it is likely to do that successfully if it gets the chance. What you want to do is strengthen your operating system’s defenses against this malware to keep it away. If you are too late, it is important that you delete Jigsaw Ransomware (.fun extension), but note that that will not restore your files. If they were encrypted, you are screwed. Of course, if backups exist outside the infected PC, you should not suffer any lasting consequences. Once you remove the infection and replace the corrupted files with their backup copies, you will be back to normal. That being said, we hope that you learn from this attack and remember to keep yourself and your system protected at all times.test

How does Jigsaw Ransomware (.fun extension) work?

You can identify Jigsaw Ransomware (.fun extension) by the extension is adds to the files that it corrupts. You should notice the “.fun” extension appended to .jpg, .jpeg, .raw, .tif, .gif, .png, .docx, .pdf, .xls, .avi, .mov, .mp4, and various other types of files across your entire operating system. The infection does not care about which files it affects – as long as they are not important system files – because it simply wants to back you into a corner. Once you realize that your files are “locked” and that you cannot open them normally, you should start looking for ways to restore them. At the time of research, legitimate software that could solve the problem did not exist, and decrypting these files manually is not possible, especially if you are not an expert at encryption. In the eyes of Anti-Spyware-101.com researchers, decrypting files corrupted by Jigsaw Ransomware (.fun extension) is not possible, but that is not what the creators of this infection want you to know. That is because they use this disgusting situation to blackmail you into paying money for a tool that, allegedly, could restore your file.

After the files are encrypted, Jigsaw Ransomware (.fun extension) launches a window with a timer (counts down 1 hour) and a ransom message in French. It urges the victim to pay a ransom of 300 EUR in Bitcoin. This crypto-currency is extremely popular amongst cyber attackers who need an anonymous platform to receive and realize ransom payments without getting in trouble. The note also warns that the ransom would grow if it was not paid in the given time. Where’s proof that you will get a decryptor you need to restore your files? You don’t have it, and that is why you must understand that paying the ransom would be a huge risk. We do not recommend taking it. Even if you pay, you are likely to remain stuck with your personal files locked up. If that happens, take this as a lesson to take better care of your files and your virtual security overall.

How to delete Jigsaw Ransomware (.fun extension)

You do not want to succumb to the demands of Jigsaw Ransomware (.fun extension) creators, and they demand a huge ransom for a decryptor that you are unlikely to get regardless of what you do. Unfortunately, decrypting files manually is not an option either, which is why some victims might decide to take the risk. Hopefully, you do not need to do that because your files are backed up, and you can easily replace the infected files with the backup copies. In both cases, it is extremely important that you remove Jigsaw Ransomware (.fun extension) from your operating system. Can you do it manually? That depends on your experience, but even if you are experienced, you need to think about your virtual security after you remove the threat, and an anti-malware program can take care of that. It also can automatically delete all existing threats, which is why our research team advises installing it without any hesitation.

Removal Guide

  1. Locate the {unknown name}.exe file that launched the threat, right-click it, and choose Delete.
  2. Right-click and Delete folders named Frfx and Drpbx in these directories (launch Explorer by tapping Win+Ekeys and enter the paths into the quick access box):
    • %APPDATA%
    • %LOCALAPPDATA%
    • %USERPROFILE%\Local Settings\Application Data\
  3. Access the Registry Editor (launch RUN by tapping Win+R and enter regedit.exe into the dialog box).
  4. Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  5. Right-click and Delete the value called firefox.exe.
  6. Exit all windows and Empty Recycle Bin.
  7. Perform a full system scan to check if there are leftovers you need to delete. 100% FREE spyware scan and
    tested removal of Jigsaw Ransomware (.fun extension)*

Stop these Jigsaw Ransomware (.fun extension) Processes:

drpbx.exe
5acfeb0b16ade40d1d3f0299c9751d3351ea706ee28b58e0e87a61a64fdfcfdf.exe
firefox.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *