This sounds like a bad April Fool’s joke. A ransomware that encrypts your files and will only decrypt them if you play PlayerUnknown’s Battlegrounds? No, it’s real. It’s very, very real. And very confusing.
Originally discovered by MalwareHunterTeam, this not-so-malicious piece of malicious software encrypts files and folders on a computer desktop and displays the following message:
Your files, images, musics, documents are Encrypted!
Your files is encrypted by PUBG Ransomware!
but don’t worry! It is not hard to unlock it.
I don’t want money!
Just play PUBG 1Hours!
Or Restore is [ s2acxx56a2sae5fjh5k2gb5s2e ]
Poor grammar aside, the message is pretty clear: whoever made this ransomware wants you to play one hour of PUBG if you want your files again. But, he or she isn’t without a heart and kindly includes a decryption code for gamers who don’t own the game or can’t run it. After all, PUBG’s system requirements are fairly high; not everyone has a computer with an Nvidia GeForce GTX 960 or equivalent.
According to the computer help site Bleeping Computer, the PUBG Ransomware is fairly bare bones. It scans running processes for “TslGame” and decrypts all the encrypted files if TslGame runs for more than three seconds. Even though the ransom note states the game needs to be active for an hour, the program is extra generous (or incredibly impatient) and starts undoing its damage before gamers even exit PUBG’s splash page.
Apparently, the ransomware is so basic it will start decryption if it detects any executable process called TslGame.exe, even if it isn’t a game. This means a tech-savvy user could rename an executable as TslGame.exe, run it, and trick the ransomware into decrypting his or her files. Then again, PUBG Ransomware proudly displays the decryption key, which precludes the need to play the game at all, raising the question of why the malware even exists.
If this article gave readers a sense of deja vu, that’s because a similar piece of ransomware, RensenWare, hit the Internet last year. RensenWare encrypted files and required gamers to achieve a score of 0.2 billion on the Lunatic level of TH12 – Undefined Fantastic Object. That is an infinitely more daunting task than playing PUBG for three seconds, since TH12 is part of the Touhou Project franchise, which is infamous for its insane challenge even on easy difficulty modes. Plus, the ransomware application permanently deleted the decryption key if it was closed, which only added to the insanity. In all fairness, though, the creator of RensenWare admitted the ransomware was nothing more than a “joke” when he infected his own computer with RensenWare.
While PUBG Ransomware might just be the most ineffectual piece of malware in history, we still do not know why it was created. If it was coded to force people to play the developer’s favorite game, why does it include the decryption key? So many mysteries.