Jump to content

Rensenware

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Citation bot (talk | contribs) at 05:37, 16 February 2022 (Add: website. | Use this bot. Report bugs. | Suggested by Susmuffin | #UCB_toolbar). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Rensenware
Original author(s)Kangjun Heo
RepositoryGitHub
Written inC#
Operating systemWindows
TypeRansomware
LicenseGNU GPL (backend)

Rensenware (蓮船ウェアー, 련선웨어; stylized as rensenWare) is a ransomware that infects Windows computers.[1][2] This ransomware was created as a joke by the Korean programmer Kangjun Heo (허강준) (alias "0x00000FF").[3] The ransomware was discovered on April 6, 2017. Rensenware is unusual as an example of ransomware in that it does not request the user pay the creator of the virus to decrypt their files, instead requiring the user achieve a required number of points in the 2009 bullet hell video game Touhou Seirensen ~ Undefined Fantastic Object before any decryption can take place. The main window displays Minamitsu Murasa, a character from the game.

Payload

When running, it encrypts the user's files with certain extensions. Once the files were encrypted, a warning window that cannot be closed appears. The program forces the user to play Touhou Seirensen ~ Undefined Fantastic Object, which is not included with the ransomware and they must download on their own, and play "Lunatic" mode and get at least 200 million points, in order to decrypt their files (the program automatically detects the game's process "TH12" and its accumulated points).[1] It is advised that the user should not kill the Rensenware main program until their files are decrypted, otherwise, the user will lose their files permanently.

For the users who were affected (including their own creator who self-infected), its developer created a program to "decrypt" those files (which basically "cheats" TH12 by setting a custom score and injecting it into the game, satisfying the Rensenware program requirements),[4] and for those ones who want to prevent an infection, he has created another program. Its creator also released a small part of its source code on GitHub (without the payload).[5]

The programmer of Rensenware accidentally infected himself, and found that he was unable to get the necessary score. He later uploaded a piece of software that neutralised Rensenware onto GitHub, along with an apology.[6]

References

  1. ^ a b Gartenberg, Chaim (2017-04-07). "New ransomware locks your files behind an anime bullet hell shooter". The Verge. Archived from the original on 2020-01-20. Retrieved 2020-01-21.
  2. ^ Orland, Kyle (2017-04-07). "Do you want to play a game? Ransomware asks for high score instead of money". Ars Technica. Archived from the original on 2020-02-01. Retrieved 2020-02-01.
  3. ^ "0x00000FF - Overview". GitHub. Archived from the original on 2019-08-04. Retrieved 2020-01-21.
  4. ^ "rensenWare removal tool by its author". GitHub. 2019-12-18. Archived from the original on 2020-09-18. Retrieved 2020-01-21.
  5. ^ "rensenWare source code". GitHub. 2020-01-10. Archived from the original on 2019-09-11. Retrieved 2020-01-21.
  6. ^ Good, Owen S. (2017-04-09). "Virus locks out data, unless you can score 200 million in an impossible game". Polygon. Archived from the original on 2021-04-10. Retrieved 2021-04-03.

This article incorporates material derived from the "Rensenware" article on the malware wiki at Fandom (formerly Wikia) and is licensed under the Creative Commons Attribution-Share Alike 3.0 License (December 18, 2019).