[maddog4012]

JIGSAW arrives as a file downloaded from a free cloud storage service named 1fichier[.]com. This service has previously hosted other malware like the information stealer FAREIT, as well as COINSTEALER, which gathers bitcoins. It can also be downloaded at hxxp://waldorftrust[.]com, where JIGSAW is most probably bundled with a cryptominer software.

[maddog4012]

some more samples

[yoto]

Thanks! The E variant doesn't work, however.

[maddog4012]

JIGSAW Crypto-Ransomware Turns Customer-Centric, Uses Chat for Ransom Attempts

The attackers actually have people standing by to answer questions. To see how far they’d go, we posed as New York-based employee whose office PC had been hit by JIGSAW–our responses are on the left, the cybercriminal on the right. Both responses are unedited.


How can I help you

can you really decrypt my files?

yes
its automatic
on payment is received all you have to do is click that you made payment
and the system will verify instantly

why are you guys doing this to us?

I am here to help you get your files back.
Let me know if you need any other instructions or help

im doomed!
my boss gonna fired me

all you have to do is pay $150. New york has Bitcoin atms
or you can visit http://www.localbitcoins.com

thats too much for me

sorry. depending on the amount of files encrypted it doubles to $300 after 24 hours and $450 after 72
it doesnt happen to all computers it depends on the file size encryption

is there a way to lower na payment?

We can do $125
that the minimum
and that is within 24 hours

let me see if i can work this with my boss

just send a message if we are not online we will come back online within 10 minutes
And we do decrypt all you files
100%
you have to message me when you make the payment so I can accept the $125 into the system if not it will tell you you haven’t payed enough. Each wallet is unique to the computer so I can verify instantly

[xors]

One more found