New Ransomware Wants You To Play PUBG

This ransom screen states:

PUBG Ransomware
Your files, images, musics, documents are Encrypted!

Your files are encrypted by PUBG Ransomware!
but don't worry! It is not hard to unlock it.
I don't want money!
Just play PUBG 1Hours!

Or Restore is [ s2acxx56a2sae5fjh5k2gb5s2e ]

As stated in the ransom instructions, the first method that can be used to decrypt the files is to simply enter the "s2acxx56a2sae5fjh5k2gb5s2e" code into the program and click the Restore button.

If you want to be fancy, though, the ransomware also checks to see if your  playing PlayerUnknown's Battlegrounds by monitoring the running processes for one named " TslGame" as shown below. Even though the ransom note states you need to run it for 1 hour, you only need to run the executable for 3 seconds.

process

Once a user plays the game and the process is detected, the ransomware will automatically decrypt the victim's files.  This ransomware is  not too advanced as it only looks for the process name and does not check for other information to confirm that the game is actually being played. That means you can simply run any executable called TslGame.exe and it will decrypt the files.

This is not the first time a joke ransomware has been created that requires you to play a game before files will be encrypted. In 2017, MalwareHunterTeam also found RenSenWarewhich required you to play the TH12 Game and score .2 billion points in order to get recover your files.

]]>

Leave a Reply