Rensenware

Rensenware
Surname	Rensenware
Aliases	rensenWare
Known since	April 6, 2017
Authors	Kangjun Heo
system	Windows
programming language	C #

Rensenware is a blackmail Trojan that only attacks Windows computers and forces affected users to successfully complete a video game on the highest level of difficulty and achieve a certain minimum number of points.

history

The South Korean programmer Kangjun Heo programmed the Trojan for fun while he was a student and published the code on the Twitter platform , which made it publicly available and misused it as malware . Like other blackmail software, Rensenware encrypts the data on the infected computer. Unlike other blackmail Trojans, Rensenware does not demand a ransom from its victims , but rather the successful completion of the Danmaku game Touhou Seirensen ~ Undefined Fantastic Object from the Touhou Project on the highest level of difficulty with at least 200 million points.

Surname

The name Rensenware is an allusion to the twelfth game in the Danmaku game series Touhou Project Touhou Seirensen , which affected users must download and successfully finish in order to decrypt their data.

Function and presentation

The data from Windows computers that have been infected with the Rensenware are encrypted . A warning about data encryption appears on the screen, in which Minamitsu Murasa, a character from the Danmaku game series Touhou Project , informs affected users of the data theft and forces them to download, install and upgrade the game Touhou Seirensen ~ Undefined Fantastic Object Successfully complete the difficulty level. The user must achieve at least 200 million points for the encrypted data to be released and decrypted again. The malicious program is able to track the score and the points achieved.

The Rensenware searches the computer for certain file formats such as MP3 , MP4 , AVI , DOC , PSD , RAR etc. and encrypts them using AES-256.

Users whose computers have been infected with Rensenware are advised not to remove the Trojan before decrypting the files, as this would also irrevocably lose all encrypted data. Heo developed a decryption program for affected users that simulates the Trojan that it has successfully completed the game with the requirements set for decryption.

Heo, who programmed the Rensenware, accidentally infected his own computer and failed to decrypt the encrypted data himself. When he published the program code on Twitter , he found that it gained worldwide fame. As soon as it became known, he developed a program for decryption and apologized for the publication of the Rensenware. In addition, he developed a program that protects the computer from being infected with the Rensenware.

additional

The PUBG ransomware also prompts users to play a video game. This is PlayerUnknown's Battlegrounds , PUBG for short, which has to be played for an hour so that encrypted data can be released again.

Individual evidence

↑ ^a ^b ^c l + f: Rensenware exchanges data for high scores. Heise , April 10, 2017, accessed April 10, 2021 .
↑ ^a ^b ^c Kyle Orland: Do you want to play a game? Ransomware asks for high score instead of money. Ars Technica , April 7, 2017, accessed April 10, 2021 .
↑ ^a ^b Victor Poitevin: An Overview of the Most Devilish Ransomwares in the World. Stormshield.com, August 7, 2018, accessed April 10, 2021 .
↑ ^a ^b ^c ^d Cecilia D'Anastasio: Anime Malware Locks Your Files Unless You Play A Game. Kotaku , April 7, 2017, accessed April 10, 2021 .
↑ Chaim Gartenberg: New ransomware locks your files behind an anime bullet hell shooter. The Verge , April 7, 2017, accessed April 10, 2021 .
↑ Lawrence Abrams: RensenWare Will Only Decrypt Files if Victim Scores .2 Billion in TH12 Game. Bleepingcomputer.com, April 6, 2017, accessed April 13, 2021 .
↑ ^a ^b ^c Owen S. Good: Virus locks out data, unless you can score 200 million in an impossible game. Polygon , April 9, 2017, accessed April 10, 2021 .
↑ Hangjun Heo: Program for the decryption of encrypted data by Rensenware. GitHub , accessed April 10, 2021 .
↑ Sebastian Hardt: 200 million points for your data: Rensenware wants you to play a game. Netz.de, April 10, 2017, accessed on April 12, 2021 .

[Heise-1] l + f: Rensenware exchanges data for high scores. Heise , April 10, 2017, accessed April 10, 2021 .

[ArsTechnica-2] Kyle Orland: Do you want to play a game? Ransomware asks for high score instead of money. Ars Technica , April 7, 2017, accessed April 10, 2021 .

[Stormshield-3] Victor Poitevin: An Overview of the Most Devilish Ransomwares in the World. Stormshield.com, August 7, 2018, accessed April 10, 2021 .

[Kotaku-4] Cecilia D'Anastasio: Anime Malware Locks Your Files Unless You Play A Game. Kotaku , April 7, 2017, accessed April 10, 2021 .

[TheVerge-5] Chaim Gartenberg: New ransomware locks your files behind an anime bullet hell shooter. The Verge , April 7, 2017, accessed April 10, 2021 .

[6] Lawrence Abrams: RensenWare Will Only Decrypt Files if Victim Scores .2 Billion in TH12 Game. Bleepingcomputer.com, April 6, 2017, accessed April 13, 2021 .

[Polygon-7] Owen S. Good: Virus locks out data, unless you can score 200 million in an impossible game. Polygon , April 9, 2017, accessed April 10, 2021 .

[8] Hangjun Heo: Program for the decryption of encrypted data by Rensenware. GitHub , accessed April 10, 2021 .

[9] Sebastian Hardt: 200 million points for your data: Rensenware wants you to play a game. Netz.de, April 10, 2017, accessed on April 12, 2021 .