Jigsaw Deletes Files Every Hour: Upgrade Your AVG Software Today!

June 29, 2016

Jigsaw is a fast-growing ransomware threat on the web, posing new danger for businesses. It is also the first ransomware to actually delete files hourly until the ransom is paid.

General Manager, AVG Business
Jigsaw is a fast-growing ransomware threat on the web, posing new danger for businesses. It is also the first ransomware to actually delete files hourly until the ransom is paid.

In April and May, our AVG Virus Lab team detected and blocked nearly 3,000 instances of Jigsaw across 25 countries. This recent detection report showed the malware being most active in the United States, Germany and South Africa.

Though the number of instances is alarming, our AVG 2016 AntiVirus engine and LinkScanner feature – integrated across all of our AVG Business products – is proactively detecting and blocking Jigsaw.

It is still critical that you understand how Jigsaw works, how to identify it and best steps for protection.

How does Jigsaw work? 

  • You typically have 72 hours to pay the ransom, usually in Bitcoin.
  • Every hour after that, Jigsaw deletes files to pressure victims into paying.
  • The rate at which files are deleted is exponential, from a single file to a thousand files at a time.

How does Jigsaw spread?

  • Email – malicious or spammed emails are common entry points.
    • Be on alert for malicious links and attachments with malicious code inside disguised as a pdf, Word, Excel or .Zip file. Don’t open email with suspicious or vague email subject lines.
  • Websites – visiting web pages can be an entry point.
    • Simply visiting an infected web site, you could be at risk.
    • Many websites are legitimate and you have no way of knowing if they have been infected.
    • Don’t click on popups or banner ads, if the product/service is of interest, then visit the site directly
    • The only defense is ensuring all software is updated, and using advanced antivirus software protection (Our AVG Business products provide this defense.)

How can a business stay protected?

  • Backup files to an external drive (local drives can become encrypted)
    • Even better, disconnect the external drive after the backup and do a cloud backup.
  • Educate employees
    • Employees should know what to watch for and what to avoid.
  • Implement policies to prepare for and manage ransomware
    • Antivirus software must always be on and up to date (AVG Business products detect and protect against ransomware and other malware. Be sure you have the latest AVG software running!)
    • Update all software to the latest versions, from within the product or directly from the vendor web site
    • Put processes in place and train users on what to do if an ‘event’ occurs (Examples: Notify IT or MSP, shut down, pull network cable).
  • Use multi-level AV protection
    • At AVG, we use a multi-layered security approach with multiple layers of inspection and testing to identify and eliminate a wide variety of malware.
    • AVG’s 2016 security engine leverages sophisticated technologies – including artificial intelligence, advanced algorithms and cloud-based outbreak detection to detect and protect in real-time. AVG Business products are powered by these technologies with features that also include an advanced scanning engine, LinkScanner for safe web surfing, online shield, identity protection and more.
    • We regularly submit our security software to independent test labs and have receive high industry-leading results across protection, performance and usability categories.

Don’t let your business or client’s business be held for ransom.  AVG partners and distributors can find out more about our AVG Business solutions with integrated AV 2016 at

Fred Gerritse
June 29, 2016