Jigsaw 4.6 Ransomware Removal Guide

Do you know what Jigsaw 4.6 Ransomware is?

Judging from the name it has, Jigsaw 4.6 Ransomware is closely associated with Jigsaw Ransomware, which used to be a popular threat. Therefore, our specialists have decided to carry out research in order to find out whether or not it is true. Of course, this study has revealed that Jigsaw 4.6 Ransomware is a new slightly updated version of Jigsaw Ransomware. Although they are both related to each other, they cannot be compared by any means because, as our team of experienced specialists suspects, Jigsaw 4.6 Ransomware does not work the way it should at the time of writing. It might have serious bugs, or it has not been finished yet by cyber criminals. In any event, it should not cause much harm to you if you ever encounter it. Of course, this new version might be fixed soon, so we cannot promise that you will not find your documents, pictures, music, and other important files encrypted after the entrance of Jigsaw 4.6 Ransomware.

Even though the version our researchers have tested does not encrypt any users’ files, it still drops several files on the computer upon the entrance. It places three files (speak.vbs, text.vbs, and appmodel.exe) in %TEMP%. After doing that, it opens two windows. One of these windows covers the entire Desktop, whereas the smaller one appears on top of it. Both of them contain a similar text. More specifically, they open a ransom note for users. Users are told that their files have been encrypted (it is not true!) and now they need to pay 150 USD in Bitcoins (0.4 BTC) to get the decryption key. They are given 24 hours to do that, but the time is not ticking, which proves again that Jigsaw 4.6 Ransomware is not working well. Specialists have noticed that buttons (View encrypted files and I made payment! Give me back my files) located on one of ransomware windows do not work either. Last but not least, this ransomware infection does not encrypt users’ files as well, so there is no point in going to pay money to cyber criminals. If you encounter an updated version of Jigsaw 4.6 Ransomware and you find that you cannot access any of your files, you should not send cyber criminals money in this case too because you might not even receive the decryption key after sending them money. Also, it might be possible to recover files without it, e.g. recover them from a backup or recover data with a third-party tool, so users should not think that the only solution to the problem is transferring the required ransom.

Not much information about the distribution of Jigsaw 4.6 Ransomware is available at the time of writing, but malware analysts are 99% sure that this computer infection is spread through spam emails like other similar ransomware infections are. Needless to say, users do not know that an attachment they see in an email they have received is pure malware. Never again open email attachments sent to you if you are not expecting any emails with attachments or they are sent by unknown people/companies. In addition, it is a must to have a reputable security application installed on the computer. It will recognize and will not allow dangerous overlooked software to enter your computer. In other words, you will be safe if you keep your security software enabled on your system.

Unlike the previous version, Jigsaw 4.6 Ransomware does not make modifications in the system registry and does not block any system utilities, so its deletion should not cause many problems to you. If you have never deleted a ransomware infection before, we suggest using our step-by-step manual removal guide. Alternatively, after closing windows opened by Jigsaw 4.6 Ransomware, i.e. killing two processes, you can download and install a reputable antimalware tool on your PC, e.g. SpyHunter. It does not really matter which of these methods is employed, the most important thing is the final result, i.e. you have to fully erase Jigsaw 4.6 Ransomware.

Delete Jigsaw 4.6 Ransomware manually

  1. Open the Task Manager (press Ctrl+Shift+Esc).
  2. Click Processes.
  3. Locate the process of the ransomware infection (it should have the Jigsaw Ransomware name).
  4. Right-click on it and select End Process.
  5. Locate the process Wscript.exe.
  6. Kill it (right-click on it after locating it and select End Process).
  7. Close the Task Manager and press Win+E.
  8. Open %TEMP% (type this directory in the URL bar at the top and press Enter).
  9. Delete speak.vbs, text.vbs, and appmodel.exe.
  10. Locate and remove all suspicious files downloaded recently.
  11. Empty the Recycle bin.

In non-techie terms:

Ransomware infections are usually spread through spam emails, but they can also enter computers together with other suspicious programs pretending to be beneficial software from the web. On top of that, threats already existing on the computer can help them to enter the system too, so it is highly recommended to scan the system with an automatic scanner after erasing Jigsaw 4.6 Ransomware. You do not need to do that again if Jigsaw 4.6 Ransomware has been erased automatically because your tool has already deleted other infections/suspicious software as well.