Do you know what Jigsaw Ransomware (.fun extension) is?
Recently we came across a new variant of Jigsaw Ransomware that we call Jigsaw Ransomware (.fun extension). It shows a ransom note with a message written in French. Translated to English, the text says the user can decrypt his files if he pays a ransom. The sum is around 300 euros, although according to the note it might get higher if the victim does not hurry. The reason we would not recommend paying the malicious application’s creators is there are no guarantees you will get your files decrypted. For example, the tool may not work, or the hackers might decide they want more money. If you think it could be too risky to deal with the cybercriminals, we advise deleting Jigsaw Ransomware (.fun extension) with the removal guide available below the article or a reputable antimalware tool you trust.
Users could end up receiving Jigsaw Ransomware (.fun extension) after launching suspicious email attachments or other files downloaded from the Internet. Our computer security specialists say users often receive such data in spam or download it from file-sharing websites. The malware’s installer can pretend to be a picture, text document, software installer, update, and so on. In other words, it might not look like it could harm your system, which is why we recommend being careful with all files coming from unreliable sources. If you are not sure the data you downloaded or received is safe to interact with, you should not rush into it. It is better to employ a reputable antimalware tool that could check the suspected file and tell whether it carries anything malicious.
Jigsaw Ransomware (.fun extension) installer should place files called Frfx and Drpbx or similarly in the %APPDATA%, %LOCALAPPDATA%, and %USERPROFILE%\Local Settings\Application Data directories. Afterward, the malware is supposed to begin the encryption process. Files that get encrypted gain the .fun extension (e.g., picture.jpg.fun) and cannot be opened. Next, the malware should open a window with a ransom note. The message written in French ought to explain the user’s files were encrypted, and the only way to restore them is to purchase decryption tools from the threat’s creators. They ask to pay the ransom before the given time runs out, or the price will increase. Also, the cybercriminals threaten to delete some data if the user does not comply with their demands. Nonetheless, if you do not wish to risk losing your savings in vain, we advise removing Jigsaw Ransomware (.fun extension) instead of paying the ransom.
The malicious application can be erased manually, and the removal guide available below the article will explain how to do so. On the other hand, if you think eliminating Jigsaw Ransomware (.fun extension) manually might be too tricky, you could install a reputable antimalware tool instead. Just scan the system with it and wait till it provides a list of detections and a deletion button to click.
Erase Jigsaw Ransomware (.fun extension)
- Press Ctrl+Alt+Delete simultaneously.
- Pick Task Manager.
- Take a look at the Processes tab.
- Locate a process associated with this malicious program.
- Select this process and tap the End Task button.
- Press Windows Key+E.
- Navigate to the suggested paths:
- Find a file launched when the system got infected, right-click the malicious file and select Delete.
- Then find these directories:
%USERPROFILE%\Local Settings\Application Data
- Look for files called Drpbx and Frfx or similarly, right-click them and choose Delete.
- Close File Explorer.
- Press Windows Key+R.
- Type Regedit and click OK.
- Go to this path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Look for a value name called firefox.exe or similarly, right-click it and select Delete.
- Exit Registry Editor.
- Empty the Recycle Bin.
- Restart the computer.
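Before or after working through the manual steps, the same locations can be checked in one pass. The PowerShell below is an added example, not part of the original guide; it only reads and reports, and its name matching (a prefix match on Frfx/Drpbx and a substring match on firefox, to cover "or similarly") is an assumption.

```powershell
# Read-only triage for the indicators this guide names; nothing is deleted or changed.
$findings = @()
$names    = 'Frfx|Drpbx'   # assumption: loose match to cover "or similarly"

# 1. Dropped items in the three directories listed in the article.
$dirs = @(
    $env:APPDATA,
    $env:LOCALAPPDATA,
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

foreach ($dir in $dirs) {
    $findings += @(Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match "^($names)" } |
        ForEach-Object { [pscustomobject]@{ Check = 'Dropped item'; Detail = $_.FullName } })
}

# 2. Autostart values under the current user's Run key (the guide names firefox.exe).
$runKey = Get-Item -LiteralPath 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($valueName in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($valueName)
        if ($valueName -match 'firefox' -or $data -match $names) {
            $findings += [pscustomobject]@{ Check = 'Run value'; Detail = "$valueName = $data" }
        }
    }
}

# 3. Running processes whose image path contains one of the dropped names.
$findings += @(Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -match $names } |
    ForEach-Object { [pscustomobject]@{ Check = 'Process'; Detail = "PID $($_.Id): $($_.Path)" } })

# 4. Files carrying the .fun extension under the user profile (count only).
$locked = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -Filter '*.fun' -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.fun' })
if ($locked.Count) {
    $findings += [pscustomobject]@{ Check = 'Encrypted files'; Detail = "$($locked.Count) files ending in .fun under $env:USERPROFILE" }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from this guide were found for the current user.' }
```

Run it in the affected user's session, since the Run key and the environment paths are per-user. A legitimate program can also match the firefox substring, so review each reported Run value before deleting it.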
In non-techie terms:
Jigsaw Ransomware (.fun extension) is a harmful infection that may turn your photos, pictures, videos, and other private files into useless data. That is because the malicious application encrypts the user’s data with a robust encryption algorithm. As a consequence, the victim cannot open affected files without special decryption tools, and unfortunately, they are available only to the cybercriminals who developed the malware. They offer to provide such tools, but they ask for a ransom in return, and paying could be dangerous since there are no guarantees the cybercriminals will hold up their end of the deal. For those of you who do not want to risk ending up being scammed, we recommend deleting the malware and restoring files from backup copies (copies of important data kept on removable media devices or cloud storage). To eliminate the threat manually, you could complete the removal guide available a bit above this paragraph. However, if the instructions seem too tricky, it might be best to use a reliable antimalware tool.