Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

There’s a Ransomware That Politely Asks You to Play PUBG

This article is over 6 years old and may contain outdated information

This sounds like a bad April Fool’s joke. A ransomware that encrypts your files and will only decrypt them if you play PlayerUnknown’s Battlegrounds? No, it’s real. It’s very, very real. And very confusing.

Recommended Videos

Originally discovered by MalwareHunterTeam, this not-so-malicious piece of malicious software encrypts files and folders on a computer desktop and displays the following message:

PUBG Ransomware
Your files, images, musics, documents are Encrypted!

Your files is encrypted by PUBG Ransomware!
but don’t worry! It is not hard to unlock it.
I don’t want money!
Just play PUBG 1Hours!

Or Restore is [ s2acxx56a2sae5fjh5k2gb5s2e ]

Poor grammar aside, the message is pretty clear: whoever made this ransomware wants you to play one hour of PUBG if you want your files again. But, he or she isn’t without a heart and kindly includes a decryption code for gamers who don’t own the game or can’t run it. After all, PUBG’s system requirements are fairly high; not everyone has a computer with an Nvidia GeForce GTX 960 or equivalent.

According to the computer help site Bleeping Computer, the PUBG Ransomware is fairly bare bones. It scans running processes for “TslGame” and decrypts all the encrypted files if TslGame runs for more than three seconds. Even though the ransom note states the game needs to be active for an hour, the program is extra generous (or incredibly impatient) and starts undoing its damage before gamers even exit PUBG’s splash page.

Apparently, the ransomware is so basic it will start decryption if it detects any executable process called TslGame.exe, even if it isn’t a game. This means a tech-savvy user could rename an executable as TslGame.exe, run it, and trick the ransomware into decrypting his or her files. Then again, PUBG Ransomware proudly displays the decryption key, which precludes the need to play the game at all, raising the question of why the malware even exists.

If this article gave readers a sense of deja vu, that’s because a similar piece of ransomware, RensenWare, hit the Internet last year. RensenWare encrypted files and required gamers to achieve a score of 0.2 billion on the Lunatic level of TH12 – Undefined Fantastic Object. That is an infinitely more daunting task than playing PUBG for three seconds, since TH12 is part of the Touhou Project franchise, which is infamous for its insane challenge even on easy difficulty modes. Plus, the ransomware application permanently deleted the decryption key if it was closed, which only added to the insanity. In all fairness, though, the creator of RensenWare admitted the ransomware was nothing more than a “joke” when he infected his own computer with RensenWare.

While PUBG Ransomware might just be the most ineffectual piece of malware in history, we still do not know why it was created. If it was coded to force people to play the developer’s favorite game, why does it include the decryption key? So many mysteries.


Twinfinite is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Aaron Greenbaum
Aaron Greenbaum
Aaron was a freelance writer between June 2018 and October 2022. All you have to do to get his attention is talk about video games, anime, and/or Dungeons & Dragons - also people in spandex fighting rubber suited monsters. Aaron largely specialized in writing news for Twinfinite during his four years at the site.
facebook