Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ransomware Asks For High Score Instead of Money (arstechnica.com)

Posted by BeauHD on from the do-you-want-to-play-a-game dept.

An anonymous reader quotes a report from Ars Technica: Rensenware" forces players to get a high score in a difficult PC shoot-em-up to decrypt their files. As Malware Hunter Team noted yesterday, users on systems infected with Rensenware are faced with the usual ransomware-style warning that "your precious data like documents, musics, pictures, and some kinda project files" have been "encrypted with highly strong encryption algorithm." The only way to break the encryption lock, according to the warning, is to "score 0.2 billion in LUNATIC level" on TH12 ~ Undefined Fantastic Object. That's easier said than done, as this gameplay video of the "bullet hell" style Japanese shooter shows. As you may have guessed from the specifics here, the Rensenware bug was created more in the spirit of fun than maliciousness. After Rensenware was publicized on Twitter, its creator, who goes by Tvple Eraser on Twitter and often posts in Korean, released an apology for releasing what he admitted was "a kind of highly-fatal malware." The apology is embedded in a Rensenware "forcer" tool that Tvple Eraser has released to manipulate the game's memory directly, getting around the malware's encryption without the need to play the game (assuming you have a copy installed, that is). While the original Rensenware source code has been taken down from the creator's Github page, a new "cut" version has taken its place, showing off the original joke without any actually malicious forced encryption.

18 of 36 comments (clear)

  1. Always trust Centauri. by freeze128 · · Score: 4, Funny

    This sounds like like a recruitment tool for the Star League to defend The Frontier against Xur and the Kodan armada.

    1. Re:Always trust Centauri. by AbRASiON · · Score: 2

      Just a note on this post:

      I re-watched that film only 6 months ago and besides some weak CGI man does it REALLY hold up. It's nice to see a film that's more than just action scenes, flashy CGI and generally poorly written characters and script.

      If you're thinking of re-watching the movie and concerned it'll be dated trash. Don't, much like WarGames it very very much holds up, recommended.

    2. Re:Always trust Centauri. by tlhIngan · · Score: 1

      besides some weak CGI

      You have to remember TLS was (along with Tron) the pioneers of CGI - and that computers in the 80s were kinda weak. That said, they did render TLS on a Cray X-MP, the worlds fastest computer back in 1983 running at a blistering 115MHz with around 16MB of RAM. (Though you could get large storage arrays, even 1GB SSDs). Even then at 250k polygons it still was a challenge for the machine. Plus the technology had to be invented - unlike today where you can go out and download yourself a high quality renderer (RenderMan free) as well as get access to high quality tools, back then all had to be created, on production timelines.

      Plus, I don't believe texturing was available back then - everything CGI was simply shaded...

  2. Re:Doesn't matter.... by lucasnate1 · · Score: 1

    Do you also think that if someone designs a new gun he should be in jail? If not I would be glad to know why this is different.

    --
    Avantgarde Hebrew science fiction
  3. Re:Doesn't matter.... by Gravis+Zero · · Score: 1

    Someone has likely mirrored the original code. It will likely wind up used in other tools. This person needs to be in jail.

    Ransomware doesn't occur in a vacuum but rather it's a simple application that uses many different libraries. Anyone with half a brain can make it, so what does it matter if someone mirrors the code?

    I think more effort should be put into protecting data from accidental or malicious destruction by an application rather than trying to force the world to conform any particular set of laws. Seriously, it wouldn't take many changes to prevent this kind of shit from happening.

    --
    Anons need not reply. Questions end with a question mark.
  4. Neat by ArylAkamov · · Score: 2

    This is my kind of high stakes gameplay. Challenge accepted.

  5. let's play global thermonuclear war by Joe_Dragon · · Score: 1

    To get your files back you need to nuke North Korea with less then 500 us troops loss

  6. Re:Doesn't matter.... by Highdude702 · · Score: 1

    THIS! See this is why i like your comments. you normally dont feed into the bullshit and you have a solid head on your shoulders. Why punish the people pointing out how fucking stupid you are, when you can just learn how to avoid it completely. people with no idea on how the internet works, Im looking at you Billy Gates.... adopt all this new fangled IoT crap thats insecure against viruses(what we will call it) as a sheep skin condom. yet want to jail the people telling them that that condom only protects against pregnancy and not HiV. its ludicrous! Atleast go after the maufacturers that are just trying to peel the dollars out of your pocket and give no fucks about what happens on your network.

  7. Re:Doesn't matter.... by Highdude702 · · Score: 1

    Not all operating systems do. And the tools that most OS's provide(windows mainly) are filled full of more holes than the item that will let the intruders in. Its like when people buy a .99 cent store pad lock and wonder how their dog broke into the treat box it was on. When you can chew thru a lock its not secure.

  8. Undefined Fantastic Object at line 322 by bandwidthcrisis · · Score: 2

    That game name could easily be an error code from Java or maybe C#.

  9. How long until by XparXnoiaX · · Score: 1

    How long will it take until manufacturers take security seriously?

    --
    Irresponsible disclosure is responsible
    1. Re:How long until by HiThere · · Score: 1

      Until the manufacturers bear liability for the problems they enable.

      The problem with that is, unless they also get the benefit of the benefits then enable, then they'll just stop selling things. Whoops! (For some of these manufactures I'd count that a win, e.g. MS, but mine is not the majority opinion.)

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:How long until by bluescrn · · Score: 3, Insightful

      Manufacturers are taking it more seriously. But for consumers, it comes with a very high price.

      There's some increasingly secure platforms out there (iOS, UWP, games consoles), where code is signed and runs in a sandboxed environment. But you can't run your own code on them, unless it's been approved, censored, and taxed by a monopolistic App Store.

    3. Re:How long until by drinkypoo · · Score: 1

      What if you just made them liable for the problems they enable up to the cost of the OS? If everyone asks for a refund, just processing all the refunds will put them out of business, let alone actually paying them.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:How long until by XparXnoiaX · · Score: 1

      There are manufacturers still leaving telnet ports open. It's not secure, and iOS is not secure.

      --
      Irresponsible disclosure is responsible
  10. Interesting by ZeRu · · Score: 1

    Just pay someone who plays games a lot to reach the score for you. Basement nerds, this is your five minutes of fortune!

    --
    If you post as an AC, don't expect me to spend a mod point on you.
  11. Re:Doesn't matter.... by Gravis+Zero · · Score: 1

    you have a solid head on your shoulders.

    Don't tell anyone but it's only the outside that's solid because the inside is squishy. ;)

    --
    Anons need not reply. Questions end with a question mark.
  12. Re:Doesn't matter.... by Highdude702 · · Score: 1

    Better than empty!