Posts tagged Invisible Empire

Jigsaw targets Windows OS and, currently, the method of distribution is unknown. Once an infection occurs, Jigsaw scans victims’ drives for specific file extensions and encrypts them using AES. Files encrypted by Jigsaw display the following extensions: .fun, .kkk, .gws, .btc, .payms, and .epic. A list of encrypted files are located on the infected system in the following location: %UserProfile%\AppData\Roaming\System32Work\EncryptedFileList.txt.

Read More