Jigsaw ransomware 2.0: A fake or work in progress?

Just recently we reported on various ransomware types that failed in their malicious intentions. Some were cracked by security experts due to poor implementation, while others flopped because the decryption key had been ‘left’ on the victims’ machine, allowing decryption of files without paying the ransom.

But the threat seen by ESET researchers over the last few days falls into an entirely different category. As the detection name suggests, MSIL/Hoax.FakeFilecoder.A – also dubbed Jigsaw 2.0 – is not a fully-fledged ransomware, but it does try to feed off ransomware’s current popularity amongst cybercriminals.

“So why is it labeled as hoax?” you might ask. Well, it lacks the main functionality of extortion malware – it can’t encrypt victims’ files, nor can it block access to the device. Mimicking recent failsomware Jigsaw (free decryptor available online), MSIL/Hoax.FakeFilecoder.A uses the graphics from the movie Saw, threatening to delete users’ files. As ESET analysis has proven, these claims are false as well.

Nevertheless, the threat posed by ransomware should not be underestimated, as the number of its detections is on the rise. Even Jigsaw 2.0 has the potential to become dangerous and effective in the near future, if malware writers have more time to fiddle with it.

That is also the reason why users should keep their operating system and software updated; use a reliable security suite with multiple layers of protection; and regularly back up all important and valuable data to an offline location (such as external storage).

Also, all users should be very careful when clicking on suspicious objects in email or their browsers. If a message comes from an unknown source or looks suspicious, they should delete it.

Author , ESET

Copyright © 2017 ESET, All Rights Reserved.