Ransomware That Deletes Your Files

Organizations with legal obligations to prevent data from improper alteration or destruction—I’m talking to you healthcare orgs that fall under HIPAA– really need to pay close attention to a new...
Michael Buckbee
1 min read
Last updated October 21, 2021

Organizations with legal obligations to prevent data from improper alteration or destruction—I’m talking to you healthcare orgs that fall under HIPAA– really need to pay close attention to a new ransomware variant.

For the past month, the ransomware Jigsaw has been making good on their threat to delete  files of their victims every hour. After 72 hours, if they don’t pay the $150 USD ransom in bitcoin, these digital extortionists will delete all the files.

What’s more, if you try rebooting an infected computer, they’ll delete 1,000 files in revenge.

After security experts found a way to decrypt Jigsaw for free, the ransomware authors pivoted and rebranded Jigsaw to CryptoHitman, which continues to wreak havoc.

Security researcher Lawrence Abrams says the differences are mostly cosmetic: new pornographic locker screen, the use of the Hitman character, encrypted files are replaced with the extension .porno, and new filenames for the ransomware executables. Otherwise, this ransomware performs the same as the original Jigsaw ransomware.

The good news is that security researchers have been able to modify the Jigsaw Ransomware decryptor to also decrypt CryptoHitman affected files.

While we can all breathe a small sigh of relief, this should act as another warning especially to organizations with compliance obligations—the aforementioned  healthcare providers, as well government, and financial agencies—and of course really anyone else.

Interested in preventing ransomware? Stop ransomware with UBA.

 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

is-a-ransomware-attack-a-data-breach?
Is a ransomware attack a data breach?
Understanding if ransomware is a data breach is vital to determining what response your IT and Legal department needs to take.
last-week-in-ransomware:-week-of-june-28th
Last Week in Ransomware: Week of June 28th
Ransomware in the News If you’re a small or medium business using locally hosted cloud storage drives by a popular brand you need to disconnect them from the internet immediately....
introducing-a-new-security-dashboard,-enhanced-behavioral-analysis,-and-more
Introducing a new security dashboard, enhanced behavioral analysis, and more
Every day we hear new stories about how our customers are using DatAlert to stop cyberattacks: detecting and disabling ransomware infections, discovering misconfigurations and vulnerabilities, and setting up automatic responses...
last-week-in-ransomware:-week-of-july-26th
Last Week in Ransomware: Week of July 26th
This week REvil Ransomware had a universal decryption key appear out of thin air and the US has accused China of ProxyLogon.