Check Point security researchers announced at the weekend that they were able to decrypt the Jigsaw ransomware in both its new and older versions.
Jigsaw ransomware appeared last April and differed from other ransomware in that, if the victim did not pay the ransom, it began deleting files from the user's computer.
The researchers developed a decrypter for Jigsaw almost immediately after its release, but it stopped working after the ransomware was updated. Note that Jigsaw is one of the most actively updated ransomware families at this time, with new releases circulating almost weekly.
The Check Point team also claims that it identified a weakness not in the encryption process, but in how the malware handles the ransom payment.
While other ransomware uses a Tor web page to manage payments, Jigsaw only displays a Bitcoin payment address on the victim's computer along with a ransom note, and asks users to click “I made a payment, give me back my files!” after they have made the payment.
Clicking this button launches a request from the user's computer to an online API that checks whether the payment has been accepted by that Bitcoin address.
Check Point created a tool that mimics a positive API response. The tool gives Jigsaw a fake API response and the ransomware believes the payment has been made, immediately starting the decryption process that ends with unlocking all encrypted files and deleting the malware from the infected system.
You can download it from the link below.
Instructions for use:
1. Open JPS.zip.
2. In the Jigsaw Puzzle Solver folder, right-click 'JPS.exe' and select 'Run as administrator'.
3. Follow the instructions.
http://blog.checkpoint.com/files/2016/07/JPS_release.zip