New Crypto-Ransomware JIGSAW Plays Nasty Games

Updated October 6, 2023

Crypto Ransomware has been progressing immensely in recent weeks and now it has taken a massive step in order to cast further pressure on the computer users. A new malware, named as JIGSAW has arrived on the world screen and it really is a creepy virus, to say the least. If you have seen a film named as SAW, this virus works in a similar fashion as far as a computer is concerned.

After deleting the files and stopping the users from accessing their computer, this virus then demands ransom. And to make matters worse, it also displays a horror puppet named as Billy, which also belongs to the horror film mentioned above.

So when different types of malware are there on the internet, it is to no surprise to everyone that Crypto-Ransomware has a marked edge over its competitors in terms of extracting money from the user. Many criminals have already started to use this for achieving their criminal tasks and to demand ransom. The word JIGSAW is actually used to put more pressure on the user because its programming is not much different to other malware.

Crypto-Ransomware JIGSAW

Infection and distribution

According to expert analysis, JIGSAW’s origin is a file downloaded from a specific web address, which has been previously used for distributing malware like FAREIT and COINSTEALER. Even though that web page has already removed such infected links from their website, but JIGSAW is still available in different forms on the internet. Thus, there is every reason for us to be fearful of that Ransomware.

Mind Games

Now once the infected file is installed on one’s computer, the user then comes across a threatening note, demanding a specific amount of money from him. That message can be in English or Portuguese, with the amount of ransom increasing after the passage of every deadline. And to pile more misery on the user, JIGSAW deletes a huge number of files with every hour until the ransom is being paid.

So when the user is under intense pressure to pay the ransom in order to save his important files, he is forced to do that in a speedy fashion. Starting from US$20, the ransom money can become as big as US$150.

Only one of its kind, JIGSAW deletes the original files but keeps a copy of them with an extension of .fun files. There are other types of extensions as well, varying from .KKK,BTC and .GWS.

Coming back to the ransom note, it also includes a message that if the user does anything silly, that is if he decides to boot the computer than JIGSAW will delete almost 1000 of the important files on that computer without keeping any copy of them. And if the user decides to restart his computer, a similar kind of message is again displayed. So if he fails to pay the ransom in almost 3 days, all the decoded data will be deleted.

While its working is so efficient, it’s programming doesn’t fall in the same category. As compared to other malware, JIGSAW has a straight forward structure with nothing complex in it. But that doesn’t stop it from extracting a good amount of money from the user as JIGSAW is considered as one of the most effective methods in Ransomware.


JIGSAW can also be installed on your computer via porn sites. According to a research, there is one type of this malware which doesn’t use Billy image to scare the users but it works in a completely different fashion. Showing Adult images on the desktop of an affected computer, JIGSAW tries to extract the money by shaming the user of watching porn. Apart from this, it demands the same ransom as that of its other versions and works in a similar manner as well.

There is one other type of JIGSAW which uses Pink flowers as its display image while demanding ransom from the user.

Bigger Picture

Talking about the fear factor, JIGSAW isn’t the only one which is relying on it to extract notable money from the user. There is a crypto-ransomware named as MAKTUBLOCKER which sends an email containing an infected file to different users. And to make matters worse, that email seems to come from a legitimate address since its outer body (User Name, Mail Address) is no different from that of ordinary mail. So crypto-ransomware are now devising new but effective methods of extracting money from their victims.


When a Crypto-Ransomware is almost impossible to get away from, it is being instructed that one should keep a regular backup of all the important files on his/her computer. So even if the ransomware strikes, that wouldn’t cast much damage to the owner of the infected computer. It is worth mentioning here that there is absolutely no guarantee that despite paying the demanded ransom, the hacker will decode the files on that computer.

Leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.