UPDATED 06:59 EST / APRIL 20 2016


Do you want to play a game? New ransomware featuring Saw character demands Bitcoin payments

Do you want to play a game?

You may know those words from the movie Saw, but unfortunately Billy the Puppet is back by way of newly discovered ransomware.

Dubbed JIGSAW or BitcoinBlackmailer.exe, the ransomware distinguishes itself from traditional forms of ransomware by setting a very tight deadline for Bitcoin ransom payment and, to make matters worse, issuing multiple warnings to those infected along the way. As DarkReading describes it, “akin to how a thriller builds on suspense, fear, and horror, JIGSAW builds pressure on the victim with multiple warnings to pay the ransom or lose his or her data.”

According to Trend Micro, Inc., JIGSAW arrives as a file downloaded from a free cloud storage service named 1fichier[.]com, or from pornography sites.

Once the ransomware is installed, a user is greeted by an image of Billy and the ransom note.

The message comes in two languages, English or Portuguese. The note itself introduces the idea of exponential growth and applies it to the user’s files and the ransom amount, deleting files by the hour while increasing the ransom.

“Users may be pressured into paying the ransom so they may either save the remaining files or avoid paying a larger ransom. The least amount the user can pay is US$20-150,” the report notes.

After 72 hours and the ransom hitting $150, payable in Bitcoin, all of the files on the target computer are deleted.

If that’s not bad enough, users who turn off their computer to stop the attack are punished with having 1,000 files deleted when they turn the computer back on.

New low

“Using horror movie images and references to cause distress in the victim is a new low,” Forcepoint, Inc. Head of Special Investigations Andy Settle said in a blog post.

“The depths the author has gone to, with real-time scrolling text, countdown timer, increasing ransom amount and the horror associations, plays on the mind of those who may have seen the movie or even those who are vulnerable or of a nervous disposition.”

While the ransomware itself may have sunk to new depths, the people behind it turned out to have better imaginations than coding skills. The infection is fairly easy to detect and overcome: the decryption key was left in the source code, along with a list of 100 Bitcoin wallets that the program uses to funnel funds back. Suffice it to say, these addresses are now being spread throughout both the Bitcoin and security industries to assist in shutting them down.

Image credit: Trend Micro.
