
This is actually one of the first crypto ransomware products that can be decrypted without reverting to a backup or paying a ransom. Jigsaw ransomware isn’t as complex as other ransomware products I’ve seen, and it can be decrypted quite easily.

Even though Dell released their alert on April 22nd, 2016, I’m guessing they knew about it more than a few days before their press release. They had to document how Jigsaw spreads, where it installs, and then they had to create their antivirus signature. Dell had to get a copy of the ransomware and test it in a secure environment. If you stop and consider the process, Dell had to become aware of the threat. I cannot fault Dell for their alert being too late to protect the tens of thousands of systems that were infected by Jigsaw. For many victims of ransomware, signature-based alerts are too little, too late. I appreciate Dell’s efforts in alerting the community to this potential ransomware threat. The alert is very informative and describes in detail what Jigsaw is and how it infects a workstation or server, and even gives screenshots of the ransom note and the C&C server.

The alert explained that “The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Jigsaw (named after the fictional character) which encrypts the system files and also deletes them if the payment is not made on time.” The alert informs recipients that the “GAV: Jigsaw.A (Trojan)” signature has been added to the SonicWALL Gateway Antivirus service. Dell released a SonicWall Security Center alert regarding the Jigsaw ransomware virus on April 22, 2016.
