New Ransomware Locks Your Files Until You Play PUBG

New Ransomware Locks Your Files Until You Play PUBG

Most high profile ransomware attacks follow the same playbook. Malware is installed on a system and encrypts certain folders and files. To access the files again, hapless users have to pay a fee to the hackers and hope they receive an unlock code in return. It’s a mugging, updated for the 21st century.

But there’s no intrinsic reason hackers have to demand money. They might request anything from nude photos (which might hilariously backfire, depending on which businesses were initially infected) to Amazon gift cards. And in one memorable case, a black hat is demanding that people play PUBG to unlock their files, Bleeping Computer reports.

Another top quality ransomware that asks you to play a game to decrypt files: "PUBG Ransomware".Sample: https://t.co/qyEHMG2orLExtension: .PUBGThis sample only encrypts files on desktop (including subdirectories)…@BleepinComputer @demonslay335 pic.twitter.com/5406DPbwmX

— MalwareHunterTeam (@malwrhunterteam) April 9, 2018

The only files encrypted are those on your desktop. As malware goes, this one is pretty lightweight. While the program claims to monitor your PUBG playing time, there’s no need to actually play for an hour — starting the executable for just three seconds is apparently enough to begin the decryption process. You don’t even actually need to play PlayerUnknown’s Battlegrounds. Rename any executable TSLGame.exe, run that, and the unlock process begins again. And the app even includes an unlock code that’ll let you reverse the encryption process without playing the game.

On the surface, this reads more like a silly prank than a serious attempt to extort people. After all, it doesn’t even work particularly well. But this kind of activity could have a genuine dark side. Instead of encrypting files for cash, hackers could request people perform seemingly small tasks that installed malware to their system to exfiltrate additional data.

If you’ve surfed the net for any length of time, you’ve probably encountered pop-up ads that insist you need to install a certain plugin or application to view content. Chain that attack vector to ransomware, and people might willingly compromise their own machines. Infected machines could then be leveraged in botnet attacks or have their data exfiltrated.

And that, of course, is just the tip of the iceberg. We’ve already seen how companies are willing to game systems to improve product sales, to the point that certain people have gotten products from Amazon that they never ordered, just to generate verified sales for reviews on the site. To the best of our knowledge, ransomware hasn’t been used for this kind of scam yet, but it could be. Want to drive page views or YouTube video plays? Fold it into a ransomware attack. When you ask for $5,000, people balk. If you ask them to watch a video, they’d be more likely to click the link, hit Play, and go pour a cup of coffee.

This time it was PUBG. Next time… next time, it could be Nickelback.

May God have mercy on our souls.

Continue reading

Google Kills Free Photo Storage, Changes What Counts Toward Storage Caps
Google Kills Free Photo Storage, Changes What Counts Toward Storage Caps

Google has announced some significant changes to Photos, especially if you use the service for automatic backup.

Terraria Dev Cancels Stadia Version After Getting Locked Out of Google Account
Terraria Dev Cancels Stadia Version After Getting Locked Out of Google Account

Re-Logic co-founder Andrew Spinks says Google has banned his account, locking him out of thousands worth of dollars in content. His response is to cancel Terraria for Stadia.

Nvidia’s RTX 3080 Ti Possibly Pushed Back Until May, Ampere in Short Supply
Nvidia’s RTX 3080 Ti Possibly Pushed Back Until May, Ampere in Short Supply

Nvidia may have delayed the RTX 3080 Ti back to May, and Ampere GPUs are in short supply. Samsung's production woes may not have ended.

Evidence Mounts Samsung Will Return to Google Wear OS, Ditch Tizen
Evidence Mounts Samsung Will Return to Google Wear OS, Ditch Tizen

Most big smartphone makers stopped making Wear OS watches over the intervening years, but a new report adds credence to the rumors that Samsung could be coming back to the Google fold.