PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown's Battlegrounds

Faybert

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,320
Content source
https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/
In what could only be a joke, a new ransomware has been discovered called "PUBG Ransomware" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.

Discovered by MalwareHunterTeam, when the PUBG Ransomware is launched it will encrypt a user's files and folders on the user's desktop and append the .PUBG extension to them. When it has finished encrypting the files, it will display a screen giving you two methods that you can use to decrypt the encrypted files.

The first method that can be used is to simply enter the "s2acxx56a2sae5fjh5k2gb5s2e" code into the program and click the Restore button. If you want to be fancy, though, the ransomware also checks to see if you played PlayerUnknown's Battlegrounds by monitoring the running processes for one named "TslGame" as shown below.
......
......
Click to expand...
 
  • Like
Reactions: Marko :), tim one, upnorth and 8 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
This ransomware is not too advanced as it only looks for the process name and does not check for other information to confirm that the game is actually being played. That means you can simply run any executable called TslGame.exe and it will decrypt the files.
Click to expand...
 
  • Like
Reactions: Danielx64, Marko :) and tim one
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Yeah it seems a joke but this shows how arrogant are malcoders, a ransomware may steal money or imposing something against the will of the victim like in this case.
It is the mouse and cat game!
 
  • Like
Reactions: harlan4096, Marko :) and upnorth
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
Replies
1
Views
1,594
News Archive
Kongo
Kongo
Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
Security News Online ransomware decryptor helps recover partially encrypted files
Replies
0
Views
1,059
Security News
Gandalf_The_Grey
Gandalf_The_Grey
MuzzMelbourne
    • Like
    • Applause
New ransomware decryptor recovers data from partially encrypted files
Replies
0
Views
1,328
News Archive
MuzzMelbourne
MuzzMelbourne

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top