Rensenware
{{Short description|Joke ransomware}}
{{Infobox software
| name = Rensenware
| logo =
| screenshot = Rensenware.webp
| screenshot size = 200px
| caption = Rensenware main window
| author = Kangjun Heo
| developer =
| repo = {{URL|https://github.com/0x00000FF/rensenware-cut|GitHub}}
| programming language = C#
| operating_system = Windows
| language =
| genre = Ransomware
| license = GNU GPL (backend)
| website =
}}
Rensenware ({{langx|ko|련선웨어}}; stylized as rensenWare) is ransomware that infects Windows computers. It was created as a joke by Kangjun Heo ({{lang|ko|허강준}}; alias "0x00000FF") and first appeared in 2017. Rensenware is unusual among ransomware in that it does not ask the user to pay its creator to decrypt their files; instead, it requires the user to reach a set number of points in the shoot 'em up video game Undefined Fantastic Object before any decryption can take place. The main window displays Minamitsu Murasa, a character from the game. Heo released a patch that neutralizes Rensenware after the malware gained attention.
Description
Rensenware was developed for Windows operating systems by Korean undergraduate student and programmer Kangjun Heo, out of boredom, as a joke within the Touhou Project fandom.{{Cite web |url=https://github.com/0x00000FF |title=0x00000FF - Overview |via=GitHub |language=en |access-date=2020-01-21 |archive-date=2019-08-04 |archive-url=https://web.archive.org/web/20190804074919/https://github.com/0x00000FF |url-status=live }}{{cite web|url=https://kotaku.com/anime-malware-locks-your-files-unless-you-play-a-game-1794120750|title=Anime Malware Locks Your Files Unless You Play A Game|last=D'Anastasio|first=Cecilia|website=Kotaku|date=April 7, 2017|access-date=December 11, 2022|archive-url=https://web.archive.org/web/20221130221224/https://kotaku.com/anime-malware-locks-your-files-unless-you-play-a-game-1794120750|archive-date=November 30, 2022|url-status=live}} When executed, the program scans the computer for files with specific extensions, encrypts them using AES-256, and appends ".RENSENWARE" to each filename.{{cite web|url=https://www.bleepingcomputer.com/news/security/rensenware-will-only-decrypt-files-if-victim-scores-2-billion-in-th12-game/|title=RensenWare Will Only Decrypt Files if Victim Scores .2 Billion in TH12 Game|last=Abrams|first=Lawrence|website=Bleeping Computer|date=April 6, 2017|access-date=December 11, 2022|archive-url=https://web.archive.org/web/20221128032217/https://www.bleepingcomputer.com/news/security/rensenware-will-only-decrypt-files-if-victim-scores-2-billion-in-th12-game/|archive-date=November 28, 2022|url-status=live}} The ransomware was first discovered by MalwareHunterTeam on April 6, 2017.{{Cite web|url=https://arstechnica.com/gaming/2017/04/do-you-want-to-play-a-game-ransomware-asks-for-high-score-instead-of-money/|title=Do you want to play a game? Ransomware asks for high score instead of money|last=Orland|first=Kyle|date=2017-04-07|website=Ars Technica|language=en-us|access-date=2020-02-01|archive-date=2020-02-01|archive-url=https://web.archive.org/web/20200201165214/https://arstechnica.com/gaming/2017/04/do-you-want-to-play-a-game-ransomware-asks-for-high-score-instead-of-money/|url-status=live}}
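As an added illustration (not part of the original article and not code from Rensenware or its author), the following Python example flags a process that appends ".RENSENWARE" to several files within a short window, the rename pattern described above. The event layout, process names, threshold values and sample records are constructed assumptions.

```python
from collections import defaultdict

MARKER = ".RENSENWARE"  # suffix the article says is appended to encrypted files

# Constructed sample events: (epoch seconds, pid, image name, old path, new path).
# The field layout is an assumption, modelled on file-rename telemetry in general.
SAMPLE_EVENTS = [
    (1000.0, 4120, "sample.exe", r"C:\Users\a\Documents\report.docx", r"C:\Users\a\Documents\report.docx.RENSENWARE"),
    (1000.4, 4120, "sample.exe", r"C:\Users\a\Pictures\cat.jpg", r"C:\Users\a\Pictures\cat.jpg.RENSENWARE"),
    (1000.9, 4120, "sample.exe", r"C:\Users\a\Music\song.mp3", r"C:\Users\a\Music\song.mp3.RENSENWARE"),
    (1001.0, 988, "explorer.exe", r"C:\Users\a\Desktop\old.txt", r"C:\Users\a\Desktop\new.txt"),
    (5000.0, 988, "explorer.exe", r"C:\Users\a\Desktop\note.txt", r"C:\Users\a\Desktop\note.txt.RENSENWARE"),
]


def is_marker_rename(old_path, new_path):
    """True when the new name is exactly the old name plus the marker suffix."""
    return new_path.lower() == (old_path + MARKER).lower()


def find_bursts(events, threshold=3, window=10.0):
    """Return {pid: [original paths]} for processes with >= threshold marker
    renames inside any sliding window of `window` seconds."""
    per_pid = defaultdict(list)
    for ts, pid, _image, old, new in sorted(events):
        if is_marker_rename(old, new):
            per_pid[pid].append((ts, old))
    flagged = {}
    for pid, hits in per_pid.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # shrink the window from the left
            if end - start + 1 >= threshold:
                flagged[pid] = [old for _ts, old in hits]
                break
    return flagged


def original_name(path):
    """Strip the marker to recover the pre-encryption file name for triage lists."""
    return path[:-len(MARKER)] if path.lower().endswith(MARKER.lower()) else path


if __name__ == "__main__":
    for pid, paths in find_bursts(SAMPLE_EVENTS).items():
        print(pid, len(paths), "files renamed with", MARKER)
```

A single user-initiated rename to the marker suffix (pid 988 in the sample) stays below the threshold and is not flagged.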
= Payload =
Once the files have been encrypted, a warning window that cannot be closed is displayed, depicting the character Minamitsu Murasa from the Touhou Project. The program requires the user to play the bullet hell video game Touhou Seirensen ~ Undefined Fantastic Object, which is not included with the software, meaning they must download it on their own, and to score at least 200 million points in the "Lunatic" level of difficulty before any decryption may take place (the program automatically detects the game's process, "th12", and its accumulated points). The payload window advises the user not to kill the Rensenware main program until their files have been successfully decrypted; otherwise they will lose them permanently, as the decryption keys are not stored locally.
Neutralisation tool
Heo accidentally infected himself while programming the software and found that he was unable to get the necessary score. He later released a piece of software—setting the score in the game's memory directly and satisfying the Rensenware requirements{{Cite web|url=https://www.theverge.com/2017/4/7/15224264/rensenware-ransomware-virus-lock-files-anime-bullet-hell-shooter|title=New ransomware locks your files behind an anime bullet hell shooter|last=Gartenberg|first=Chaim|date=2017-04-07|website=The Verge|language=en|access-date=2020-01-21|archive-date=2020-01-20|archive-url=https://web.archive.org/web/20200120232001/https://www.theverge.com/2017/4/7/15224264/rensenware-ransomware-virus-lock-files-anime-bullet-hell-shooter|url-status=live}}—onto GitHub with an apology.{{Cite web|last=Good|first=Owen S.|date=2017-04-09|title=Virus locks out data, unless you can score 200 million in an impossible game|url=https://www.polygon.com/2017/4/9/15237830/ransomware-anime-shooter-bullet-hell-rensenware-undefined-fantastic-object-touhou-seirensen|access-date=2021-04-03|website=Polygon|archive-date=2021-04-10|archive-url=https://web.archive.org/web/20210410114057/https://www.polygon.com/2017/4/9/15237830/ransomware-anime-shooter-bullet-hell-rensenware-undefined-fantastic-object-touhou-seirensen|url-status=live}} He also released a small part of the ransomware source code without the payload.
References
{{Reflist}}
External links
- {{GitHub|0x00000FF/rensenware-cut|rensenWare}}