
PUBG Ransomware Forces Users to Play PUBG to Decrypt Their Files

Joined
Sep 22, 2017
Messages
889 (0.34/day)
MalwareHunterTeam recently discovered the PUBG ransomware that is currently floating around the internet. When executed, the pesky program would encrypt the files and folders that are located on the victim's desktop and add the ".PUBG" extension to them. While meant to be more of a joke than actual malware, the program demands that the victim play PUBG for an hour. Nevertheless, users can decrypt their files in two ways. They can introduce the "s2acxx56a2sae5fjh5k2gb5s2e" code into the program and proceed to restore their files or launch the PUBG executable for three seconds. MalwareHunterTeam noted that the program runs a background check for a "TslGame" process, and therefore users can rename any executable to TslGame.exe and trick the malware into thinking that the fake executable is the real deal.


View at TechPowerUp Main Site
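The file behaviour described in the post above (files on the Desktop gaining an appended ".PUBG" extension) can be flagged from file-rename telemetry. The following is an added example, not part of the original thread or of any tool it mentions: it generalizes to any appended extension, and the event tuple layout, process IDs, paths and thresholds are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample rename events (not captured from a real host):
# (timestamp in seconds, process id, old path, new path)
DESK = "C:\\Users\\ana\\Desktop\\"
SAMPLE_EVENTS = [
    (0.2 * i, 4120, DESK + name, DESK + name + ".PUBG")
    for i, name in enumerate(["notes.txt", "cv.docx", "tax.xlsx", "pic.jpg", "todo.md"])
]
SAMPLE_EVENTS += [
    (1.0, 880, DESK + "draft.docx", DESK + "draft_final.docx"),  # ordinary rename
    (3.0, 880, DESK + "old.cfg", DESK + "old.cfg.bak"),          # single backup copy
]


def appended_extension(old, new):
    """Return the suffix a rename appended to the full old name, or None."""
    old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
    if old_p.parent != new_p.parent:
        return None  # a move to another folder, not an in-place rename
    if new_p.name.lower().startswith(old_p.name.lower() + "."):
        return new_p.name[len(old_p.name):].lower()
    return None


def find_mass_appends(events, threshold=4, window=10.0):
    """Flag (pid, extension) pairs where one process appends the same
    extension to at least `threshold` files within `window` seconds."""
    buckets = defaultdict(list)
    for ts, pid, old, new in events:
        ext = appended_extension(old, new)
        if ext:
            buckets[(pid, ext)].append(ts)
    alerts = []
    for (pid, ext), stamps in sorted(buckets.items()):
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the window so it only covers the last `window` seconds.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"pid": pid, "extension": ext, "count": len(stamps)})
                break
    return alerts


if __name__ == "__main__":
    print(find_mass_appends(SAMPLE_EVENTS))
```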
 

peche

Thermaltake fanboy
Joined
Nov 7, 2014
Messages
6,709 (1.83/day)
Location
San Jose, Costa Rica

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
42,078 (6.62/day)
Location
Republic of Texas (True Patriot)
Well, that game's ratings just went down the toilet
 
Joined
Aug 3, 2011
Messages
307 (0.06/day)
Make one which forces the user to answer physics or chemistry questions, that will make the world a better place.
 

the54thvoid

Super Intoxicated Moderator
Staff member
Joined
Dec 14, 2009
Messages
13,046 (2.39/day)
Location
Glasgow - home of formal profanity
I don't generally do negative news comments but this was sent to me via a google feed last week. Even the source article is a week old. I think the news section ought to have 'news', not 'olds'.
 
Joined
Sep 17, 2014
Messages
22,424 (6.03/day)
Location
The Washing Machine
the54thvoid said:
I don't generally do negative news comments but this was sent to me via a google feed last week. Even the source article is a week old. I think the news section ought to have 'news', not 'olds'.

+1
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,106 (1.27/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
"Want to play a cruel joke on your buddies? Send them a copy of the PUBG ransomware."
How irresponsible of the OP to POST THIS
TPU Staff you can do better
 
Joined
Mar 15, 2008
Messages
1,110 (0.18/day)
Chino said:
Want to play a cruel joke on your buddies? Send them a copy of the PUBG ransomware.

I cannot believe what TPU has become. Encrypting and decrypting all files on a computer is not a joke. A lot of things can go wrong and some of the files might become corrupted and unusable. Anyone who writes for TPU should know better than to advocate something like this...
 
Joined
Feb 8, 2012
Messages
3,014 (0.65/day)
Location
Zagreb, Croatia
Have you noticed, guy names his own methods in Spanish

RutinaDeCifrado seems like DecipheringRoutine
BusarArchivos seems like SearchArchives

Didn't bother to change his default class name Form1 to something meaningful though ... and he detects process only by name (edit: ah, it's what article is about)
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,865 (2.88/day)
Location
Quantum Well UK
This little "joke" is nastier than it first seems, as others have explained on here. I'll bet some malware programmer has already made a more damaging version of it, with real consequences.

"Want to play a cruel joke on your buddies? Send them a copy of the PUBG ransomware."

I don't think it's a good idea to give people ideas, either. There's nothing humorous about this malware.
 
Joined
Feb 8, 2012
Messages
3,014 (0.65/day)
Location
Zagreb, Croatia
qubit said:
I don't think it's a good idea to give people ideas, either. There's nothing humorous about this malware.
I don't want to downplay seriousness of this, but as far as the damage goes, running an executable (as admin) you didn't acquire through official means, the possible damage can be even worse and just as easily as this
 

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,865 (2.88/day)
Location
Quantum Well UK
"I don't want to downplay seriousness of this, but as far as the damage goes, running an executable (as admin) you didn't acquire through official means, the possible damage can be even worse and just as easily as this"
Yeah, good point. The more one thinks about it, the uglier it gets.
 

peche

Thermaltake fanboy
Joined
Nov 7, 2014
Messages
6,709 (1.83/day)
Location
San Jose, Costa Rica
dorsetknob said:
How irresponsible of the OP to POST THIS
TPU Staff you can do better
that was my sarcastic point, that should not be in news list, guest and people on internet have different interpretations for this..... just my two cents...
 