Due to the rapid development and popularization of the Internet, almost all the services around life are developing towards Internet information services. Nowadays, the threat of ransomware is increasing day by day, and it has become the primary threat to Internet information security. Antivirus software can provide basic computer protection, but when a user encounters a ransomware attack, the antivirus software may not be able to block it at the first time, and the files of the computer device will still be encrypted and then subjected to ransom, so they have no choice but to pay the ransom or reinstall it. Computer equipment. In order to reduce the losses caused by ransomware, this research uses Jigsaw ransomware samples and virtualization technology to explore possible remedial strategies by studying its transmission channels and analyzing its operating mechanism. When a user is accidentally invaded by a ransomware virus, there is still a way to recover important data, and the victim can successfully decrypt the file and retrieve the right to use without paying the ransom.