Jigsaw Ransomware Adds Pornographic Twist

ransomware

The Jigsaw malware deletes files for every hour that passes until a ransom is paid

The cyber-criminals behind the Jigsaw ransomware have made changes to the program, adding a character from the Hitman video game as well as pornographic images, according to security researchers.

The ransomware is among those that have appeared with ever-greater frequency in recent months, as computer criminals are encouraged by victims’ payouts.

Aggressive threat

Cyber crime, hacker, thief © Brian A Jackson, Shutterstock 2014

Ransomware decrypts some of all of a computer system’s files and demands payment to restore access.

Jigsaw is particularly aggressive, deleting files for each hour that passes and every time the computer reboots until the user pays $150 (£105) in Bitcoins.

The new version, called CryptoHitman, appends the extension .porno to every file it encrypts. It now displays a character from the Hitman video game, as well as pornographic images, on its splash page, according to computer security expert Lawrence Abrams.

“This version will still delete your files every time you restart the process and when the timer runs down to zero,” Abrams wrote in an advisory.

File decryption

He said those affected can make use of the Jigsaw Decryptor tool developed by researcher Michael Gillespie to unlock their files. The tool has been updated to handle CryptoHitman, according to Abrams.

Before decrypting the files users must terminate two processes used by the ransomware, preventing it from deleting encrypted files, Abrams said.

Computer security firm ESET said last month that ransomware had recently seen a spike, with the UK being particularly badly hit. At one point in April one-quarter of all malware attacks detected in the UK were ransomware, ESET said.

Are you a security pro? Try our quiz!