Ransomware That Deletes Your Files

Organizations with legal obligations to prevent data from improper alteration or destruction—I’m talking to you healthcare orgs that fall under HIPAA– really need to pay close attention to a new ransomware variant.

For the past month, the ransomware Jigsaw has been making good on their threat to delete  files of their victims every hour. After 72 hours, if they don’t pay the $150 USD ransom in bitcoin, these digital extortionists will delete all the files.

What’s more, if you try rebooting an infected computer, they’ll delete 1,000 files in revenge.

After security experts found a way to decrypt Jigsaw for free, the ransomware authors pivoted and rebranded Jigsaw to CryptoHitman, which continues to wreak havoc.

Security researcher Lawrence Abrams says the differences are mostly cosmetic: new pornographic locker screen, the use of the Hitman character, encrypted files are replaced with the extension .porno, and new filenames for the ransomware executables. Otherwise, this ransomware performs the same as the original Jigsaw ransomware.

The good news is that security researchers have been able to modify the Jigsaw Ransomware decryptor to also decrypt CryptoHitman affected files.

While we can all breathe a small sigh of relief, this should act as another warning especially to organizations with compliance obligations—the aforementioned  healthcare providers, as well government, and financial agencies—and of course really anyone else.

Interested in preventing ransomware? Stop ransomware with UBA.