Jigsaw Ransomware – What is it and How to Protect?

Getting infected by unwanted ransomware can be an actual cause of trouble. Jigsaw is a prime example of a well-known ransomware that encrypts the user data in exchange for some money. 

While a lot of users all around the world often get trapped by this ransomware, it becomes essential to know the trick to escape this fraud. This will not only prevent the user’s data but also give them an upper hand on how to deal with such attacks. Here is all you need to know about this ransomware and how to deal with it.

Article Summary

  1. What is it? – Jigsaw is ransomware that attacks a system to encrypt its entire data in exchange for a heavy sum of money. If the demanded amount is not paid, the ransomware keeps on deleting sensitive data files from the victim’s computer system.
  2. How to Remove? – To get rid of the Jigsaw ransomware, you must end its processing in the task manager and use the “Checkpoint Jigsaw Puzzle Solver” to recover all your data back safely.
  3. Stay Protected – It is impossible to unlock the encrypted files. All we can do is protect yourself from future ransomware attacks. It is possible to shield yourself by using a powerful antivirus program like TotalAV. It offers all round protection from different types of malware at an affordable price.

What is Jigsaw Ransomware?

The Jigsaw ransomware is a Windows-based ransomware that first came into notice in 2016. Also known as the Bitcoin Blackmailer, this ransomware is known to blackmail its target victims in exchange for a good sum of money. Since 2016, many new variants of the Jigsaw ransomware have been seen.

The main agenda of this ransomware is similar to any other virus or malware, i.e. to yield a heavy amount from the victims. Although, this ransomware adopts a somewhat different approach to achieve its goals. 

Inspired by the horror movie named Saw, the Jigsaw ransomware encrypts the entire data of the victim’s computer through the AES encryption technique. In exchange for the user’s sensitive data, the attacker then demands a bitcoin equivalent to $150 before the countdown timer ends, which was started as soon as the files were encrypted. If the demanded amount is not paid within the time limit, one file is deleted, followed by another one after the second countdown ends. As time passes, this ransomware keeps on deleting sensitive files from the system.

This ransomware is known to be able to encrypt around 226 types of files, and therefore no data can escape its traps. This is how it lays its hands on a vulnerable system.

Jigsaw Ransomware

Threat Analysis

NameJigsaw Ransomware
Threat TypeRansomware
SymptomsFile Encryption/Direct messages for a ransom
Distribution MethodSpam Emails/Unknown websites
DamageEncrypts and deletes sensitive files
RemovalEnding the working of the ransom and tricking it through a Jigsaw Puzzle Solver file. Use Anti-Ransomware tool.

How did I Get Infected?

One of the most prominent ways through which the Jigsaw ransomware is known to enter a system is through spam emails. The attackers aim at a wide range of audiences to whom a fraud or spam email is sent. Usually, the Jigsaw virus is sent as an attachment with these spam emails. 

As soon as the victim opens the attachment in the email, the ransomware is automatically installed in the system. The Jigsaw ransomware often hides under the name of files like “firefox.exe” or “drpbx.exe”. Once the file is opened, the ransomware itself writes a launching code for itself and makes a smooth path to enter the system.

While spam emails are the most common ways through which the Jigsaw ransomware attacks a system, many of its variants can also be found on Adware and inauthentic websites. Thus, if you have installed a random file through email or through an unknown website, it could be the reason behind your system getting infected by the Jigsaw ransomware.

How to Remove the Jigsaw Ransomware?

Manually removing threats may be a time-consuming and difficult task that needs expert-level computer knowledge. So, we recommend professional antivirus program like TotalAV which can detect and remove all traces of virus infection. It can finish the task for you in just one click.

While a lot of users try to reboot their system, hoping to get rid of the virus, it only starts up the ransomware again to delete another 1000 files. Although, the ransomware has a loophole that makes it easy to get rid of this ransomware. While the ransomware warns the victim that 1000 files from the system will be deleted if the victim tries to get rid of the ransom, this is not true. 

To manually remove the Jigsaw ransomware from your system, you must follow the below steps.

  • On your system, open the Task Manager through the “Ctrl+Shift+Esc” key combination.
  • In the task manager, right-click on the “Firefox” and “Dropbox” options and select the “End task” option. This will end the ransomware functioning in your system.
  • Now, to prevent the ransomware from getting restarted again, open the “Startup” tab in the task manager.
  • Again select the “Firefox” and “Dropbox” options and disable them. This will prevent the ransomware from restarting again once the system is restarted.
  • Download the “Checkpoint Jigsaw Puzzle Solver” from the internet and unzip the JPS.zip file.
  • Run the file as administrator and follow the steps it guides you through to uninstall the Jigsaw ransomware successfully.
  • That’s it. You have successfully protected your system against the Jigsaw ransomware. 

What the “Checkpoint Jigsaw Puzzle Solver” file does is that it tricks the ransomware into thinking the victim has successfully paid for the ransom. As a result, this will decrypt all your sensitive files and help you to recover your data back.


To conclude, the Jigsaw ransomware can undoubtedly impact your system, making a heavy loss of data. Therefore, you must remain careful against such ransomware and verify any random file before downloading or a website you are about to open. 

To stay protected against such dangerous ransom attacks, installing an efficient anti-ransomware program like can ease the work for you. This antivirus takes care of any malicious program trying to breach the security of the system or gain its control. 

Therefore, you must never consider paying for such ransom attacks and fall for the trap of the attackers. Instead, dealing with them smartly is what will prevent your data and money.  


Who created Jigsaw Ransomware?

Zagala, a Venezuelan cardiologist, is accused of creating and trading Jigsaw ransomware.

How is most ransomware paid?

Ransomware attackers demand payment through bitcoins. This is because the transactions in a blockchain cannot be tracked easily, which makes it convenient for attackers to receive the money through a secured network.

Should one pay for ransomware attacks?

To fall for such ransom traps is something you should not consider doing. Rather, you should take all the necessary steps to recover from the attack. Every ransomware has a loophole, and it must be penetrated to escape the trap of such unethical attacks easily.