Rensenware

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Rensenware
Rensenware main window
Rensenware main window
Original author(s)Kangjun Heo
RepositoryGitHub
Written inC#
Operating systemWindows
TypeRansomware
LicenseGNU GPL (backend)

Rensenware (蓮船ウェアー, 련선웨어) (stylized as rensenWare) is a ransomware that infects Windows computers.[1][2] This ransomware was created as a joke by the Korean programmer Kangjun Heo (허강준) (aka "0x00000FF").[3] The ransomware was discovered at April 6, 2017.

Payload[edit]

When running, it encrypts the user's files with certain extensions. Once the files were encrypted, a warning window that cannot be closed appears. The program forces the user to play Touhou 12: Undefined Fantastic Object (which they must get on their own) in Lunatic mode and get at least 200 million points, in order to decrypt their files (the program automatically detects TH12 process and its accumulated points).[1] Is advised that the user should not kill the Rensenware main program until their files are decripted, otherwise, the user will lose their files permanently.

For the users who were affected (including their own creator who self-infected), its developer created a program to decrypt those files (which basically "cheats" TH12 by setting a custom score and injecting it into the game, satisfying the Rensenware program requirements),[4] and for those ones who want to prevent an infection, he has created another program. Its creator also released a small part of its source code on Github (without the payload).[5]

Trivia[edit]

The main window depicts "Captain Minamitsu Murasa", character from the Touhou Project franchise.

References[edit]

  1. ^ a b Gartenberg, Chaim (2017-04-07). "New ransomware locks your files behind an anime bullet hell shooter". The Verge. Retrieved 2020-01-21.
  2. ^ Orland, Kyle (2017-04-07). "Do you want to play a game? Ransomware asks for high score instead of money". Ars Technica. Retrieved 2020-02-01.
  3. ^ "0x00000FF - Overview". GitHub. Retrieved 2020-01-21.
  4. ^ "rensenWare removal tool by its author". 2019-12-18. Retrieved 2020-01-21.
  5. ^ "rensenWare source code". 2020-01-10. Retrieved 2020-01-21.

External links[edit]

This article incorporates material derived from the "Rensenware" article on the malware wiki at Wikia and is licensed under the Creative Commons Attribution-Share Alike License (December 18, 2019).