New ransomware frees your files if you play PUBG

Original author: Panda Security
  • Transfer


The new ransomware associated with PlayerUnknown's Battlegrounds (PUBG) seems like just a joke, as it does not require money to free your files.

Many types of computer viruses or “malware” can make life unbearable if you do not adequately protect your computer, especially when using the Internet. The consequences can be very different: from spyware to trojans or requests to make Bing your default search engine whenever you update Skype (well, the latter is not a virus, but you should be careful). And cryptographers are even more popular than ever, because they enable their authors to make money. But a ransomware has recently appeared that makes its victims play PlayerUnknown's Battlegrounds (PUBG) - this says a lot about the creativity of modern criminals.

As a rule, you should not be careless about cryptographers. The main difference between ransomware and other types of malware is that ransomware does not destroy data - it encrypts it or, in other words, “steals” the victim’s files. Those behind these attacks simply require you to provide a password in order to return the system back to normal until they are encrypted. As you can remember, about a year ago, the WCry or WannaCry ransomware shocked the world and endangered thousands of computers, although the case of the PUBG game is still not of such magnitude.



The existence of this virus became known to the public through the efforts of MalwareHunterTeam. Its main function is that it encrypts all files and folders on the desktop, adding the .PUBG extension, in order to “force” you to play PlayerUnknown's Battlegrounds for an hour. We do not write the word “force” in quotation marks, because the cryptographer makes it clear that you can enter the code in the appropriate field to return the system to its normal state. Thus, it seems that this malware is just a harmless joke.

In particular, the message, which is designed to convince you to save your captured data, says in poor English that the PUBG Ransomware encryptor encrypted your files. This is understandable, but you don’t have to worry much, because after that no one needs money from you, and your files can be decrypted if you just play the game PlayerUnknown's Battlegrounds for an hour or enter the received code.

So, if you do not want to play PUGB, you can just enter a set of numbers. By analyzing the code to check how the cryptor determines whether you are playing the game or not, MalwareHunterTeam experts determined that the cryptographer simply keeps track of whether the TS1Game file (the executable file that launches the game) has been launched.

In addition, you can "deal" with this encryptor and without having to follow the instructions and play the game for an hour - you can simply rename any file in TS1Game.exe and run it, because it takes only three seconds for the malware to determine that the action has been committed.



After the encryptor’s request has been fulfilled, either as a result of this simple trick or by honestly playing PUBG, the encryptor automatically decrypts the captured files and allows you to further do your own business or, possibly, play Fortnite - a competitor to PlayerUnknown's Battlegrounds.



This is not the first time that a type of malware has appeared that is associated with a video game. In 2017, there was another similar case, but its difference was that no code was provided for its bypass, and therefore the victim had to score a sufficiently large number of points in a rather complex shooter game.

However, the security of your systems is not something to play with, and even seemingly harmless jokes can ultimately contain secret trojans that can be activated in a few months. It is better to play games on a voluntary basis and if desired, and not through threats that could infect your computer.

Also popular now: