Rensenware
Rensenware (蓮船ウェアー, 련선웨어; stylized as rensenWare) is a ransomware that infects Windows computers.[1][2] This ransomware was created as a joke by the Korean programmer Kangjun Heo (허강준) (alias "0x00000FF").[3] The ransomware was discovered at April 6, 2017. Rensenware is unusual as an example of ransomware in that it does not request the user pay the creator of the virus to decrypt their files, instead requiring the user achieve a required number of points in the 2009 bullet hell video game Touhou Seirensen ~ Undefined Fantastic Object before any decryption can take place. The main window displays Minamitsu Murasa, a character from the game.
Rensenware main window | |
Original author(s) | Kangjun Heo |
---|---|
Repository | GitHub |
Written in | C# |
Operating system | Windows |
Type | Ransomware |
License | GNU GPL (backend) |
Payload
When running, it encrypts the user's files with certain extensions. Once the files were encrypted, a warning window that cannot be closed appears. The program forces the user to play Touhou Seirensen ~ Undefined Fantastic Object, which is not included with the ransomware and they must download on their own, and play "Lunatic" mode and get at least 200 million points, in order to decrypt their files (the program automatically detects the game's process "TH12" and its accumulated points).[1] It is advised that the user should not kill the Rensenware main program until their files are decrypted, otherwise, the user will lose their files permanently.
For the users who were affected (including their own creator who self-infected), its developer created a program to "decrypt" those files (which basically "cheats" TH12 by setting a custom score and injecting it into the game, satisfying the Rensenware program requirements),[4] and for those ones who want to prevent an infection, he has created another program. Its creator also released a small part of its source code on Github (without the payload).[5]
References
- Gartenberg, Chaim (2017-04-07). "New ransomware locks your files behind an anime bullet hell shooter". The Verge. Retrieved 2020-01-21.
- Orland, Kyle (2017-04-07). "Do you want to play a game? Ransomware asks for high score instead of money". Ars Technica. Retrieved 2020-02-01.
- "0x00000FF - Overview". GitHub. Retrieved 2020-01-21.
- "rensenWare removal tool by its author". 2019-12-18. Retrieved 2020-01-21.
- "rensenWare source code". 2020-01-10. Retrieved 2020-01-21.
External links
This article incorporates material derived from the "Rensenware" article on the malware wiki at Fandom (formerly Wikia) and is licensed under the Creative Commons Attribution-Share Alike License (December 18, 2019).