Researchers have discovered a new piece of ransomware that holds the victim’s files hostage. This one, however, comes with a rather peculiar demand in return for recovering the files, according to a Bleeping Computer report citing research by MalwareHunterTeam.
When executed, this ransomware – called “PUBG Ransomware” and detected by ESET as MSIL/Filecoder.HD – encrypts files and folders “only” on the user’s desktop and adds the .PUBG extension to them.
Then, a splash screen is displayed that contains the ransom note. It turns out that, in order to set the victim’s digital belongings free, all that the rather benign ransomware wants from the user is spend an hour playing a game called PlayerUnknown’s Battlegrounds (commonly known as PUBG, hence the ransomware’s name).
Or so the ransom note says. In fact, however, it was found that simply running the PUBG-associated executable for three seconds is enough to trigger the decryption.
Either way, if you’re not in the mood to even touch the game, the ransomware seems to let users off the hook: the ransom message includes the “restore code” apparently with no strings attached.
An analysis showed that the ransomware keeps tabs on processes running on the computer and checks if a process called “TslGame” is run. TslGame is apparently triggered whenever PUBG is launched, providing a way for the ransomware to determine, albeit somewhat simplistically, if the victim is playing ball. It’s unclear how this ransomware is being spread.
We reported in our mid-year review of last year’s cybersecurity landscape on another piece of ransomware that demanded that the user play a game. That creation, called ‘Rensenware’, required the victim to get a high score, at the “lunatic” level of a Japanese PC game in order to get their files back.
All told, however, these curious tales should not detract from the magnitude of the threat that ransomware represents at present. Campaigns from not long ago are a stark reminder of how much damage extortion campaigns can wreak.