Rensenware’s warning screen asks for a high score, rather than the usual reward, to decrypt your files.
Currently, Ars readers have heard numerous stories of computer users being forced to pay significant amounts of money to unlock files encrypted with malicious ransomware. So we were a little surprised when the news started to trickle in about a new piece of ransomware that doesn’t ask for money. Instead, “Rensenware” forces players to get high scores in a tough PC shoot-em-up to decrypt their files.
As Malware Hunter Team spotted yesterday, users of systems infected with Rensenware are faced with the usual ransomware-style warning that “your precious data such as documents, music, images and some sort of project files” are “encrypted with a very strong encryption algorithm”. The only way to break the encryption lock, according to the warning, is to score “0.2 billion at LUNATIC level” on TH12 ~ Undefined fantastic object. That’s easier said than done, as this ‘bullet hell’ style Japanese shooter gameplay video shows.
Gameplay by TH12 ~ Undefined fantastic object on Lunatic difficulty. Players needed 200 million points to unlock the “Rensenware” malware.
As you may have guessed from the details here, the Rensenware bug is made more in the spirit of fun than malice. After Rensenware was published on Twitter, the creator, who continues Tvple Eraser on Twitter and often posts in Korean, he apologized for releasing what he admitted was “some kind of very deadly malware.”
“I was joking and just laughing with people who love Touhou Project Series,” writes Tvple eraser. “So I distributed the source code except for the compiled binaries on the web. But at the point of distribution, the tragedy started.
“A number of people blamed me. It’s natural. Because I made an accident absolutely wrong,” he continues. “I’m not sure if this apology is enough for you. If not, I apologize again… It wasn’t meant badly. I hope you understand. [sic]”
The apology is embedded in a Rensenware “forcer” tool released by Tvple Eraser to directly manipulate the game’s memory, bypass the malware’s encryption without having to play the game (assuming you have a copy installed) . While the original Rensenware source code has been removed from the creator’s Github page, a new “cut” version has replaced it, showing the original joke without any actually malicious forced encryption.
On the one hand, it seems that Tvple Eraser has never tried to force Rensenware on remote computers, as most ransomware developers do for fun and/or profit. On the other hand, the internet is what it is, the source code is undoubtedly still floating around, maybe even in a modified form that can’t be beat by the new “forcer” tool. If a malicious user uses Rensenware code, the “joke” can be quite expensive and harmful to all involved.
That said, Tvple Eraser seems genuinely apologetic for any unintended consequences of releasing what he thought was just a fun joke. “I will NEVER create malware or anything like that,” he said writes on Twitter.