SonicWall Security Center


New ransomware forces you to play PUBG video game. (Apr 19, 2018)



Description


The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of PUBG Ransomware [Pubg.RSM] actively spreading in the wild.

PUBG Ransomware encrypts the victim's files and forces the victim to play an hour of a game called PlayerUnknown's Battlegrounds to get the files back.

Infection Cycle:

Once the computer is compromised, the ransomware starts searching for document files with the following extensions:

The ransomware encrypts all of these files and appends the .Pubg extension to each encrypted file's filename.

After the ransomware has encrypted all personal documents, it displays a message stating that the computer has been encrypted and offering two methods for decrypting the files.

The first method that can be used to decrypt the files is to simply enter the following code into the program and click the Restore code button.

For the second method, you need to play PlayerUnknown's Battlegrounds for a few seconds.

The Ransomware checks if you're playing PlayerUnknown's Battlegrounds by monitoring the running processes on your machine.

The PUBG Ransomware is not advanced at all: running any executable called TslGame.exe will decrypt the files. Even though the ransomware states that you need to play for one hour, you only need to run the executable for a few seconds.
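For triage on an affected host, the appended .Pubg extension described above gives responders a simple marker for inventorying which files were touched. The script below is an added example, not code from SonicWall or from the sample; the function names and the case-insensitive extension match are assumptions.

```python
import os
import sys
from collections import Counter

# Extension the advisory says is appended; compared case-insensitively (assumption).
MARKER_EXT = ".pubg"


def find_marked_files(root):
    """Walk root and return one record per file whose name ends in the marker extension."""
    records = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != MARKER_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                size = None  # unreadable entry: still report it
            records.append({
                "path": path,
                "original_name": stem,  # filename before the extension was appended
                "original_ext": os.path.splitext(stem)[1].lower(),
                "size": size,
                # True when a file with the original name still sits beside it
                "original_present": os.path.exists(os.path.join(dirpath, stem)),
            })
    return records


def summarize(records):
    """Count affected files per directory and per original file type."""
    by_dir = Counter(os.path.dirname(r["path"]) for r in records)
    by_type = Counter(r["original_ext"] or "(none)" for r in records)
    return by_dir, by_type


if __name__ == "__main__":
    found = find_marked_files(sys.argv[1] if len(sys.argv) > 1 else ".")
    dirs, types = summarize(found)
    for directory, count in dirs.most_common():
        print(f"{count:6d}  {directory}")
    print("by original type:", dict(types))
```

The script only reads directory metadata, so it can be run against a mounted copy of the disk image without modifying any file.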

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: Pubg.RSM (Trojan)



