Monday, April 16th 2018

PUBG Ransomware Forces Users to Play PUBG to Decrypt Their Files

MalwareHunterTeam recently discovered the PUBG ransomware that is currently floating around the internet. When executed, the pesky program would encrypt the files and folders that are located on the victim's desktop and add the ".PUBG" extension to them. While meant to be more of a joke than actual malware, the program demands that the victim play PUBG for an hour. Nevertheless, users can decrypt their files in two ways. They can introduce the "s2acxx56a2sae5fjh5k2gb5s2e" code into the program and proceed to restore their files or launch the PUBG executable for three seconds. MalwareHunterTeam noted that the program runs a background check for a "TslGame" process, and therefore users can rename any executable to TslGame.exe and trick the malware into thinking that the fake executable is the real deal.
Source: BleepingComputer
Add your own comment

12 Comments on PUBG Ransomware Forces Users to Play PUBG to Decrypt Their Files

#1
peche
Thermaltake fanboy
"Chino said:
Want to play a cruel joke on your buddies? Send them a copy of the PUGB ransomware.
nice advise, indeed....!
Posted on Reply
#2
eidairaman1
The Exiled Airman
Well that games ratings just went down the toilet
Posted on Reply
#3
Supercrit
Make one which forces the user to answer physics or chemistry questions, that will make the world a better place.
Posted on Reply
#4
the54thvoid
I don't generally do negative news comments but this was sent to me via a google feed last week. Even the source article is a week old. I think the news section ought to have 'news', not 'olds'.
Posted on Reply
#5
Vayra86
"the54thvoid said:
I don't generally do negative news comments but this was sent to me via a google feed last week. Even the source article is a week old. I think the news section ought to have 'news', not 'olds'.
+1
Posted on Reply
#6
dorsetknob
"YOUR RMA REQUEST IS CON-REFUSED"
"Want to play a cruel joke on your buddies? Send them a copy of the PUBG ransomware."
How irresponsible of the OP to POST THIS
TPU Staff you can do better
Posted on Reply
#7
Katanai
"Chino"
Want to play a cruel joke on your buddies? Send them a copy of the PUBG ransomware.
I cannot believe what TPU has become. Encrypting and decrypting all files on a computer is not a joke. A lot of things can go wrong and some of the files might become corrupted and unusable. Anyone who writes for TPU should know better than to advocate something like this...
Posted on Reply
#8
BiggieShady
Have you noticed, guy names his own methods in Spanish

RutinaDeCifrado seems like DecypheringRoutine
BusarArchivos seems like ShearchArchives

Didn't bother to change his default class name Form1 to something meaningful though ... and he detects process only by name (edit: ah, it's what article is about)
Posted on Reply
#9
qubit
Overclocked quantum bit
This little "joke" is nastier than it first seems, as others have explained on here. I'll bet some malware programmer has already made a more damaging version of it, with real consequences.

"Want to play a cruel joke on your buddies? Send them a copy of the PUBG ransomware."

I don't think it's a good idea to give people ideas, either. There's nothing humorous about this malware.
Posted on Reply
#10
BiggieShady
"qubit said:
I don't think it's a good idea to give people ideas, either. There's nothing humorous about this malware.
I don't want to downplay seriousness of this, but as far as the damage goes, running an executable (as admin) you didn't acquire through official means, the possible damage can be even worse and just as easily as this
Posted on Reply
#11
qubit
Overclocked quantum bit
"BiggieShady said:
I don't want to downplay seriousness of this, but as far as the damage goes, running an executable (as admin) you didn't acquire through official means, the possible damage can be even worse and just as easily as this
Yeah, good point. The more one thinks about it, the uglier it gets.
Posted on Reply
#12
peche
Thermaltake fanboy
"dorsetknob said:
How irresponsible of the OP to POST THIS
TPU Staff you can do better
that was my sarcastic point, that should not be in news list, guest and people on internet have different interpretations for this..... just my two cents...
Posted on Reply
Add your own comment