PUBG Ransomware demands victims to play game for decryption

Apr 14, 2018 | 360TS

PUBG, also known as PlayerUnknown’s Battlegrounds, is a phenomenal game that emerged as a rock star and attracted a vast number of players worldwide. Recently, a ransomware was released and has been distributing itself under the name of PUBG. However, this malware is not after your money but your time.

Ransomware Made by Fans of PUBG?

MalwareHunterTeam, a famous security research team, recently revealed a ransomware related to PUBG. Like other ransomware, once it infects a machine, all the documents on the victim’s computer are encrypted. Interestingly, PUBG ransomware doesn’t ask for money or bitcoin like WannaCry and AllCry. Instead, victims are asked to play PlayerUnknown’s Battlegrounds for one hour. From this point of view, the malware seems like the work of a big fan evangelizing the game.

Play to Decrypt

After analysis, researchers at 360 Security Center found that this ransomware encrypts 168 file types on the user’s desktop. The extension of every encrypted file is changed to .pubg, but decrypting the hijacked files is actually simple. According to our analysis, it doesn’t take exactly one hour of gameplay as the malware instructs. It only takes any application named TslGame.exe, the same file name as the PUBG executable, running for a few seconds.

The author of this malware also offers a mechanism for victims to enter a decryption code. According to our analysis, it is a fake mechanism placed there to trick the user: the input box is set to read-only by default and is never switched to writable while the application runs. In other words, the mechanism is simply a prank.

Tips for Victims

For victims who have been infected, our suggestion is to rename any application to TslGame.exe and run it to decrypt the files. We also recommend that users install 360 Total Security to gain a Ransomware Shield that prevents attacks in the first place.
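
To confirm that the workaround above restored everything, a responder can record the .pubg files beforehand and re-check them afterwards. The script below is an added example, not part of the original article or of any 360 tool; the function names are hypothetical, and it assumes the original file name reappears in the folder where the .pubg file was.

```python
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".pubg"  # extension named in the article; matched case-insensitively


def snapshot_encrypted(root):
    """List files under root (relative, sorted) that carry the .pubg extension."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() == ENCRYPTED_EXT)


def check_restored(root, snapshot):
    """Classify each snapshotted file once the workaround has been run."""
    result = {"restored": [], "encrypted": [], "missing": []}
    for rel in snapshot:
        enc = Path(root) / rel
        if enc.exists():                      # still carries .pubg: not decrypted
            result["encrypted"].append(rel)
            continue
        stem = enc.name[:-len(ENCRYPTED_EXT)]
        # Assumption: the article does not say whether .pubg is appended
        # (report.docx.pubg) or replaces the extension (report.pubg); accept both.
        folder = enc.parent
        names = [s.name for s in folder.iterdir() if s.is_file()] if folder.is_dir() else []
        hit = any((n == stem or n.startswith(stem + "."))
                  and not n.lower().endswith(ENCRYPTED_EXT) for n in names)
        result["restored" if hit else "missing"].append(rel)
    return result


def demo():
    """Run both steps on a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "work").mkdir()
        for name in ("work/report.docx.pubg", "photo.pubg", "old.pubg",
                     "notes.txt.PUBG", "todo.txt"):
            (root / name).write_bytes(b"constructed sample")
        snap = snapshot_encrypted(root)
        # Simulate a partial recovery: two restored, one lost, one untouched.
        (root / "work/report.docx.pubg").rename(root / "work/report.docx")
        (root / "photo.pubg").rename(root / "photo.jpg")
        (root / "old.pubg").unlink()
        return snap, check_restored(root, snap)


if __name__ == "__main__":
    print(demo())
```

Files reported as "missing" or "encrypted" are the ones to recover from backup rather than assume restored.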