Jigsaw 4.6 Ransomware

What is Jigsaw 4.6 Ransomware?

Jigsaw 4.6 Ransomware is a new updated version of Jigsaw Ransomware which did much harm for hundreds of computer users some time ago. The new version slightly differs from the old one the way it looks. Also, researchers at anti-spyware-101.com who have tested Jigsaw 4.6 Ransomware have noticed that it, unlike Jigsaw Ransomware, does not encrypt files at the time of writing although users are informed that files stored on their computers have all been encrypted. Surprisingly, it does not launch together with the Windows OS as well, which means that users will not find it opened again after restarting their computers. Currently, Jigsaw 4.6 Ransomware should not cause much harm, but it does not mean that users who have encountered this computer infection can keep it on their computers and do nothing because sooner or later it will definitely be updated by cyber criminals. We are sure you would not want to have it on your system when this happens. This malicious application drops some files on the computer it enters and opens two windows containing ransom notes, but its removal should not be very complicated with our help.

What does Jigsaw 4.6 Ransomware do?

You can be sure that Jigsaw 4.6 Ransomware is inside your system if you see a window with a scary face and a message claiming that photos, videos, documents, and other files have been encrypted. It is not the only window you will see. A smaller text box containing the similar text is opened for users too. It is read aloud for users, which is quite frightening. These ransom notes not only tell users that their most valuable files have been encrypted, but also try to convince them to send 150 USD, or 0.4 Bitcoin, within 24 hours to 41h8a9K5bh1lIPo964hTEBnj783j91kM0a (Bitcoin address) to get the decryption key. Users should not go to send money to cyber criminals because, most probably, these files have not even been locked. It seems that Jigsaw 4.6 Ransomware uses a scare tactic to push users into making a payment these days because it currently does not lock any files. It means that there is no point in sending money to crooks either. According to researchers, this infection contains numerous bugs, or it has not been finished yet because none of its buttons (View encrypted files and I made my payment! Give me back my files) are active either. It does not mean that it cannot be updated in the future. If you are reading this article because you have found almost all your files encrypted and do not know what to do, you should know that transferring money to cyber criminals is the worst decision. It is because you have no guarantees that you will receive the key and could unlock your files with its help. In such a case, the happiest users are those who have backed up their files before the entrance of ransomware because they can recover their files without the special key after deleting the ransomware infection.

Unlike its predecessor, Jigsaw 4.6 Ransomware does not create any new registry keys after the successful infiltration, but it cannot be called a “file-less” threat either because it drops .vbs files (SPEAK.vbs and TEXT.vbs) in %TEMP%. In addition, it creates the .exe file (appmodel.exe) there as well. It should also be noted that this ransomware infection creates two new processes in the Task Manager too. The one should contain the name Jigsaw Ransomware while the second one is wscript.exe (it is responsible for opening the window with the text box). Because of this, even though this ransomware does not perform any malicious activities for the time being, you will need to perform a few removal steps to delete it.

Where does Jigsaw 4.6 Ransomware come from?

Specialists do not have much information about the distribution of Jigsaw 4.6 Ransomware yet because they have detected it only recently, but it is already clear for them that users do not download it voluntarily on their computers. In the opinion of experienced malware analysts, this ransomware infection should be spread using the method employed to distribute similar malicious applications. This is, it should travel as an email attachment. In most cases, spam emails contain Jigsaw 4.6 Ransomware as their attachments. Of course, users are not told about that in advance, so it does not surprise researchers at all that so many users help this malicious application to enter their computers unknowingly.

How do I delete Jigsaw 4.6 Ransomware?

To delete Jigsaw 4.6 Ransomware fully, you first need to go to close two windows containing ransom notes opened by this computer infection. On top of that, you should go to delete files dropped by ransomware from %TEMP%. This might seem to be easy at first, but we still suggest following our step-by-step manual removal guide so that it would be deleted fully. After getting rid of this infection, scan your PC with SpyHunter to take care of other undesirable programs active on the computer too. It might be possible to erase them all manually too, but this would take much time, so do not waste it.

The Jigsaw 4.6 Ransomware manual removal guide

1. Press Ctrl+Shift+Esc.
2. Open the Processes tab.
3. Right-click on the Jigsaw Ransomware process and click End Now.
4. Locate the process Wscript.exe and kill it too (right-click on it and click End Now).
5. Close the Task Manager.
6. Open the Windows Explorer (Win+E).
7. Open %TEMP%.
8. Delete SPEAK.vbs, TEXT.vbs, and appmodel.exe from this directory.
9. Locate and remove all recently downloaded suspicious files (check %USERPROFILE%\Downloads).
10. Empty the Recycle bin.

Download Removal Tool100% FREE spyware scan and
tested removal of Jigsaw 4.6 Ransomware*