While well-organized cybercriminals are devising complex ransomware attacks on organizations worldwide, some novice cryptographers are developing non-malicious code to play pranks. In one recent case, a team tasked with detecting different ransomware strains lingering in cyberspace has identified a harmless ransomware that goes by the name PUBG.
So, let’s see what this ransomware prank is all about.
Users of the online game ‘PlayerUnknown’s Battlegrounds’ can be targeted with PUBG ransomware. It’s interesting to note that the attackers have used the name of the game’s developer for their encryption extension. Yes, PUBG Corporation is the company that has developed and published this game.
The ransomware locks down the files and folders on the user’s desktop. Once the encryption completes, a window appears on the desktop and gives the user two options for decrypting the files:
- A simple decryption key
- Playing the game for one hour to trigger automatic decryption
The operators have made it clear in the note that they are not doing it for monetary reasons. But they haven’t stated any purpose of the attack either.
The Code is Simple
The structure of PUBG ransomware is very basic. First of all, it doesn’t run an extensive encryption routine on the device to lock down all of its data. Only desktop data gets encrypted, with the extension ‘PUBG’. Secondly, it doesn’t have the capability to monitor whether the game is being played for a complete hour.
According to the testers, just running the game window for a few seconds starts the automatic decryption. This means the ransomware only checks for the process name and doesn’t verify any other information to confirm that the user is actually playing the game.
Experts who detected this ransomware think that it’s just a random outing by amateur developers. We have seen this in the past as well, when a ransomware locked down the data of players of the TH12 game. The user could start the decryption process by scoring 0.2 billion points in the game. Otherwise, the targeted individual could lose his encrypted files forever.
For assistance with file recovery, please contact MonsterCloud Cyber Security experts for professional ransomware removal.