The Avast Decryption Tool for Jigsaw is a free utility created by Avast to restore files encrypted by the Jigsaw ransomware strain without paying a ransom. Jigsaw is notorious for using an image of the “Billy the Puppet” character from the Saw horror franchise and progressively deleting a victim’s files every hour that the ransom goes unpaid.
The following step-by-step removal guide outlines how to neutralize the threat and completely decrypt your files using the official Avast Ransomware Decryption Tools. Step 1: Terminate the Malware Processes
Before downloading any tools, you must stop Jigsaw from actively deleting your files. Open Task Manager: Press Ctrl + Shift + Esc simultaneously.
Locate the threat: Scroll through the background processes to find firefox.exe or drbx.exe. Jigsaw purposefully uses these fake names to disguise itself as legitimate software.
Kill the process: Right-click the suspicious process and select End Task. Step 2: Clear Jigsaw from Startup
Jigsaw configures itself to launch every time your computer boots up.
Open the Run Command: Press the Windows Key + R, type msconfig, and hit Enter.
Check Startup Items: Go to the Startup tab (on Windows ⁄11, this will redirect you to the Startup section of the Task Manager).
Disable the malware: Locate any entries referencing the fake firefox.exe or drbx.exe paths pointing to the AppData folder, right-click them, and select Disable. Step 3: Download and Run the Avast Decryptor
Once the active threat is paused, you can safely utilize the official Avast Free Decryption Utility.
Download the tool: Grab the dedicated Jigsaw installer directly from the official Avast Ransomware Decryption Page.
Launch the program: Double-click the downloaded .exe file. If Windows throws a protection warning, click More Info and choose Run Anyway.
Advance past welcome: Click Next on the initial Avast wizard splash screen. Step 4: Define Drives and Decrypt
The utility needs to scan your storage to find the specific files tagged with Jigsaw extensions (such as .sif, .kkk, .btc, or .paybtcs).
Select drive locations: By default, local drives are selected. You can add specific network or external folder paths if needed. Click Next.
Provide file pairs (if prompted): If the tool requires a password crack, upload one encrypted file alongside its original, unencrypted version (like a default Windows wallpaper or an email attachment you have backed up elsewhere).
Initiate decryption: Click Decrypt on the final screen. Keep the “Backup encrypted files” box checked just in case an error occurs during file translation. Step 5: Post-Removal Cleanup
After the wizard confirms successful file decryption, run a full system scan using a trusted antivirus software to wipe any remaining tracer files. Finally, restart your PC to clear any residual malicious scripts from your system’s active memory.
Free Ransomware Decryption Tools | Unlock Your Files – Avast
Leave a Reply