Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

Jigsaw (ransomware)

From Wikipedia, the free encyclopedia
Encrypting ransomware created in 2016
Jigsaw
Technical nameBitcoinBlackmailer
ClassificationRansomware
Isolation date2016
Technical details
PlatformWindows
Size284 KB
Written inVB.net

Jigsaw is a form of encryptingransomwaremalware created in 2016. It was initially titled "BitcoinBlackmailer", but later came to be known as "Jigsaw" due to featuring an image ofBilly the Puppet from theSaw film franchise.[1] The malware encrypts computer files and gradually deletes them, demanding payment of a ransom to decrypt the files and halt the deletion.[2]

History

[edit]

Jigsaw was designed in April 2016 and released a week after creation.[1] It was designed to be spread through malicious attachments in spam emails.[3] Jigsaw is activated if a user downloads the malware program which will encrypt all user files andmaster boot record.[4] Following this, a popup featuring Billy the Puppet will appear with the ransom demand in the style ofSaw'sJigsaw (one version including the "I want to play a game" line from the franchise) forBitcoin in exchange for decrypting the files.[5] If the ransom is not paid within one hour, one file will be deleted.[5] Following this for each hour without a ransom payment, the amount of files deleted is exponentially increased each time from a few hundred to thousands of files until the computer is wiped after 72 hours.[2] Any attempt to reboot the computer or terminate the process will result in 1,000 files being deleted.[5] A further updated version also makes threats todox the victim by revealing their personal information online.[6]

Jigsaw activates purporting to be eitherFirefox orDropbox in thetask manager.[2] As Jigsaw stores the decryption key statically in the binary, it can be extracted from the binary using a hex editor or .NET decompiler to remove the encryption without paying the ransom.[1]

Reception

[edit]

The Register wrote that "Using horror movie images and references to cause distress in the victim is a new low."[1] In 2017, it was listed among 60 versions of ransomware that utilised evasive tactics in its activation.[7]

References

[edit]
  1. ^abcd"Saw-inspired horror slowly deletes your PC's files as you scramble to pay the ransom". The Register. Retrieved2018-02-20.
  2. ^abcOsborne, Charlie (2016-04-22)."Tick, tock: Jigsaw ransomware deletes your files as you wait". ZDNet. Retrieved2018-02-20.
  3. ^"Jigsaw ransomware: Saw-inspired malware deletes files bit by bit hourly until you pay".International Business times. 2016-04-14. Retrieved2018-02-20.
  4. ^"Jigsaw ransomware wants to play a game with you". Geek.com. 2016-04-13. Archived fromthe original on 2018-07-18. Retrieved2018-02-20.
  5. ^abc"Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom". Bleeping Computer. 2016-04-11. Retrieved2018-02-20.
  6. ^Goodin, Dan (2016-06-28)."Meet Jigsaw, the ransomware that taunts victims and offers live support". Ars Technica. Retrieved2018-02-20.
  7. ^"Minerva Labs Releases Evasive Malware 2017 Year in Review". Prnewswire.com. 2017-12-07. Retrieved2018-02-20.
Hacking in the 2010s
Major incidents
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
Hacktivism
Groups
Individuals
Majorvulnerabilities
publiclydisclosed
Malware
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
Films
Characters
Video games
Music
Miscellaneous
Retrieved from "https://en.wikipedia.org/w/index.php?title=Jigsaw_(ransomware)&oldid=1238789790"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2025 Movatter.jp