Rensenware

Source: Wikipedia, the free encyclopedia.
Type: Ransomware
License: GNU GPL (backend)

Rensenware (

Minamitsu Murasa, a character from the game. Heo released a patch that neutralizes Rensenware after the malware gained attention.

Description

Rensenware was developed by Korean undergraduate student and programmer Kangjun Heo for

AES-256 and appends ".RENSENWARE" to the filename.[3] The ransomware was first discovered by MalwareHunterTeam on April 6, 2017.[4]

Payload

Once the files have been encrypted, a warning window that cannot be closed is displayed, depicting the character Minamitsu Murasa from the Touhou Project. The program requires the user to play the bullet hell video game Touhou Seirensen ~ Undefined Fantastic Object, which is not included with the software, meaning they must download it on their own,[4] and score at least 200 million points in the "Lunatic" level of difficulty before any decryption may take place (the program automatically detects the game's process "th12" and its accumulated points). The payload window advises the user not to kill the Rensenware main program until their files have successfully been decrypted; otherwise they will lose them permanently, as the decryption keys are not locally stored.[3]

Neutralisation tool

Heo accidentally infected himself while programming the software and found that he was unable to get the necessary score. He later released a piece of software that neutralized Rensenware by setting a custom score and injecting it into the game, which satisfies the Rensenware program's requirements,[4][5] and published it on GitHub with an apology.[6] He also released a small part of the ransomware source code without the payload.[5]

References

  1. ^ "0x00000FF - Overview". Archived from the original on 2019-08-04. Retrieved 2020-01-21 – via GitHub.
  2. ^ D'Anastasio, Cecilia (April 7, 2017). "Anime Malware Locks Your Files Unless You Play A Game". Kotaku. Archived from the original on November 30, 2022. Retrieved December 11, 2022.
  3. ^ a b Abrams, Lawrence (April 6, 2017). "RensenWare Will Only Decrypt Files if Victim Scores .2 Billion in TH12 Game". Bleeping Computer. Archived from the original on November 28, 2022. Retrieved December 11, 2022.
  4. ^ a b c Orland, Kyle (2017-04-07). "Do you want to play a game? Ransomware asks for high score instead of money". Ars Technica. Archived from the original on 2020-02-01. Retrieved 2020-02-01.
  5. ^ a b Gartenberg, Chaim (2017-04-07). "New ransomware locks your files behind an anime bullet hell shooter". The Verge. Archived from the original on 2020-01-20. Retrieved 2020-01-21.
  6. ^ Good, Owen S. (2017-04-09). "Virus locks out data, unless you can score 200 million in an impossible game". Polygon. Archived from the original on 2021-04-10. Retrieved 2021-04-03.
