Table of Contents

Ransomware is Not Always About Money
Ransomware /

Ransomware is Not Always About Money

Not all ransomware demand money.

Don’t be surprised! We aren’t saying ransomware or ransomware attacks are good, legal or harmless. Ransomware as we all know is a nasty piece of malware and is dangerous. It encrypts files and locks user out of the system as soon it has access to the data. Then to decrypt the files it demands money to be paid. But there’s a new ransomware PUBG that encrypts data but doesn’t demand money. Instead it asks user to play a recently released online game PLAYERUNKNOWN’s Battlegorund (PUBG).

What is the Game about?

It is a multiplayer online battle game that is basically a “last-man-standing shooter” developed by PUBG corporation. Where players need to fight to locate weapons and supplies in a massive 8X8 km island to be the lone survivor.

But the mystery here is, user doesn’t need to fight with anything he just need to play the game to decode the files. Looks like the malware author just want users to play the game but why, it is a mystery.

How it works?

The bizarre and new ransomware encrypts user’s desktop files including subdirectories with a. PUBG extension. And shows a ransom note as follows:

PUBG Ransomware’s note reads “Your files is encrypted [sic] by PUBG Ransomware! But don’t worry! It is not that hard to unlock it. I don’t want money! Just play PUBG 1Hours [sic]!”

How to unlock computer from ransomware?

It isn’t at all difficult to unlock the computer from this new ransomware. The files can easily be unlocked after three minutes of a game of Battlegrounds as opposed to the stated 1 hour.

Ransom Screen

PUBG Ransomware
Your files, images, music, documents are Encrypted!
Your files are encrypted by PUBG Ransomware!
but don't worry! It is not hard to unlock it.
I don't want money!
Just play PUBG 1Hours!
Or Restore is [ s2acxx56a2sae5fjh5k2gb5s2e]

As mentioned in the ransom note, user can unlock the computer from ransomware without playing the game. For that he just needs to enter the code “s2acxx56a2sae5fjh5k2gb5s2e” given in the note and click the Restore button.

Also Read : 5 Best Ransomware Protection Tools For Windows

Besides, this user can easily bypass the new ransomware if the malware detects TSLGAME.exe under running apps list. For this user need to rename any accessible utility to TSLGAME.exe and run it, the malware will assume you are following the instructions and will let you unlock the files.

The ransomware even shows a counter for the user to keep track of the time. But you don’t have to worry the files get decrypted after three seconds of playing the game as opposed to 3600 seconds as mentioned in the ransomware note.

For those who have seen such instances it doesn’t come as a surprise. Because in 2017 a similar threat was discovered. To unlock files, it asked victim to score above 0.2 billion in the ‘lunatic’ level of the game TH12~ Undefined Fantastic Object.

Is this ransomware harmless?

As it all comes as a joke we are assuming it to be harmless. But no one knows what is the motive behind this ransomware.

In first look most of us will consider it innocuous as it has an inbuilt decryptor. But it isn’t acceptable as a bug will surely have disastrous side effect. If you cannot see them now it doesn’t mean all is fine. The risk of data corruption cause by malicious code is certain.

Therefore, you should always keep an anti-virus running and if you fall victim for any such threats, run a thorough security scan on your system and see if all is working fine.

Must Read : An Insight Into Rapid Ransomware

Wrap Up

Let’s be real, this may look like a fun threat but you may never know when such type of threats become mainstream. For some this may look like an excuse to fire the game up at work, but it can be dangerous.

Undoubtedly, it is one of the most benign ransomware programs but the disturbing part is to see how easily a ransomware program can spread and take control of sensitive files.

Leave a Reply

Your email address will not be published. Required fields are marked *