Rensenware

Rensenware (蓮船ウェアー, 련선웨어) (stylized as rensenWare) is a ransomware that infects Windows computers.[1][2] This ransomware was created as a joke by the Korean programmer Kangjun Heo (허강준) (aka "0x00000FF").[3] The ransomware was discovered at April 6, 2017. The main window depicts "Minamitsu Murasa", a character from the Touhou Project franchise. Rensenware is unusual as an example of ransomware in that it does not request the user pay the creator of the virus to decrypt their files, instead requiring the user achieve a required number of points in the 2009 bullet hell video game Touhou Seirensen ~ Undefined Fantastic Object before any decryption can take place.

Rensenware
Rensenware main window
Original author(s)Kangjun Heo
RepositoryGitHub
Written inC#
Operating systemWindows
TypeRansomware
LicenseGNU GPL (backend)

Payload

When running, it encrypts the user's files with certain extensions. Once the files were encrypted, a warning window that cannot be closed appears. The program forces the user to play Touhou Seirensen ~ Undefined Fantastic Object, which is not included with the ransomware and they must download on their own, and play "Lunatic" mode and get at least 200 million points, in order to decrypt their files (the program automatically detects the game's process "TH12" and its accumulated points).[1] It is advised that the user should not kill the Rensenware main program until their files are decrypted, otherwise, the user will lose their files permanently.

For the users who were affected (including their own creator who self-infected), its developer created a program to "decrypt" those files (which basically "cheats" TH12 by setting a custom score and injecting it into the game, satisfying the Rensenware program requirements),[4] and for those ones who want to prevent an infection, he has created another program. Its creator also released a small part of its source code on Github (without the payload).[5]

References
  1. Gartenberg, Chaim (2017-04-07). "New ransomware locks your files behind an anime bullet hell shooter". The Verge. Retrieved 2020-01-21.
  2. Orland, Kyle (2017-04-07). "Do you want to play a game? Ransomware asks for high score instead of money". Ars Technica. Retrieved 2020-02-01.
  3. "0x00000FF - Overview". GitHub. Retrieved 2020-01-21.
  4. "rensenWare removal tool by its author". 2019-12-18. Retrieved 2020-01-21.
  5. "rensenWare source code". 2020-01-10. Retrieved 2020-01-21.

This article incorporates material derived from the "Rensenware" article on the malware wiki at Wikia and is licensed under the Creative Commons Attribution-Share Alike License (December 18, 2019).

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.