Jigsaw Ransomware, an old malware, is back with a phishing campaign that spreads LokiBot. LokiBot installs Jigsaw Ransomware as its payload using an old Microsoft Office vulnerability, CVE-2017-11882, a remote code execution flaw in Equation Editor. After executing, it appends the .zemblax extension to the files it encrypts. To keep a low profile and stay under the radar, it asks for a $50 ransom in Bitcoin for a decryption key. It shows a ransom note with the Salvador Dalí mask from the popular show Money Heist as its background.
Jigsaw Ransomware Signatures
Jigsaw Ransomware Download