
PewCrypt Ransomware

Posted: February 27, 2019

The PewCrypt Ransomware is a file-locking Trojan that encrypts your media with the AES and RSA algorithms while blocking the screen with its ransom message. Instead of asking for money, its ransoming instructions require subscribing to the YouTuber PewDiePie and threaten the deletion of the unlocking code if a rival beats his subscription number. Users can restore their files with the freely-available decryptor or a backup, and should have proper anti-malware products ready for uninstalling the PewCrypt Ransomware safely.

The Alchemy of Subscription Rivalry Turning into Data Attacks

Malware researchers and others are examining a new kind of file-locking Trojan, with an emphasis on preventing possible attacks bent on manipulating online follower statistics. The PewCrypt Ransomware is an independent threat whose author claims that it owes its development to learning Java. While there is some proof of his good intentions, users infected by the PewCrypt Ransomware will be dealing with the same file blockades that they would struggle against under a 'for-profit' equivalent, like the Dharma Ransomware family.

The PewCrypt Ransomware is a Java-based Windows program that uses the ever-typical combination of the AES and RSA algorithms for locking the victim's JPG pictures, Word documents and other media. It also adds a 'PewCrypt' extension to the end of their names without taking away the default one. While malware researchers aren't able to confirm a full list of the affected formats, the PewCrypt Ransomware does refrain from locking files over twenty megabytes, along with any bearing the EXE, JAR or DLL extensions.
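The naming and skipping rules above, turned into a post-incident inventory that lists locked files with their original names for restore planning. This is an added example, not code from the Trojan, its author or this article; the `.PewCrypt` marker (matched case-insensitively), the 20 MiB reading of "twenty megabytes" and all function names are assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".pewcrypt"                     # assumption: 'PewCrypt' extension, compared lower-cased
SKIPPED_EXTS = {".exe", ".jar", ".dll"}  # extensions the article says are left alone
SIZE_LIMIT = 20 * 1024 * 1024            # assumption: "twenty megabytes" read as 20 MiB

def triage(root):
    """Walk root and sort files into locked / exempt / unlocked buckets."""
    report = {"locked": [], "exempt": [], "unlocked": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:
                continue  # unreadable or vanished file: skip rather than abort the sweep
            if path.suffix.lower() == MARKER:
                # The marker is appended, so stripping it yields the original name.
                report["locked"].append((path, path.with_suffix("")))
            elif path.suffix.lower() in SKIPPED_EXTS or size > SIZE_LIMIT:
                report["exempt"].append(path)
            else:
                report["unlocked"].append(path)
    return report

def locked_by_type(report):
    """Count locked files by their original extension, for restore planning."""
    return Counter(orig.suffix.lower() for _p, orig in report["locked"])

def build_sample_tree(root):
    """Constructed sample data: tiny placeholder files, not real samples."""
    for rel in ("docs/report.docx.PewCrypt", "pics/cat.jpg.PewCrypt",
                "pics/dog.jpg", "tools/setup.exe", "lib/app.jar"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rep = triage(tmp)
        for locked, original in rep["locked"]:
            print(f"locked: {locked} -> {original.name}")
        print(dict(locked_by_type(rep)), len(rep["exempt"]), len(rep["unlocked"]))
```

Files landing in `unlocked` fit the described targeting rules yet carry no marker, which helps when judging how far the Trojan got before it was stopped.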

The PewCrypt Ransomware, like many of the file-locking Trojans of today, includes a pop-up that may block your Windows desktop. This ransoming message, however, doesn't ransom your files for Bitcoins or vouchers. Instead of asking for money, the PewCrypt Ransomware demands the user's subscription to PewDiePie's YouTube channel, claiming that a sufficiently high subscription mark will trigger the release of the unlocking application. This odd choice of ransom is backed up by the threat of a dynamic deadline: in theory, PewDiePie's subscription count being surpassed by that of rival T-Series triggers the deletion of the decryption key.

The Influence of Online Media on Your Local Files

Those not keeping well-informed about the state of the video game-streaming industry may be surprised to learn that the PewCrypt Ransomware's ransom note hinges on nothing more than an eight-minute interval wherein PewDiePie briefly was no longer the most-subscribed channel on YouTube. Fortunately, the PewCrypt Ransomware's author has chosen not to release the Trojan in earnest and is providing a free decryption utility on Google Drive. Users can recover their files with this program, although most file-locker Trojans don't have equivalently easy solutions, which is why malware experts emphasize the necessity of backups.

The samples malware experts have available imply an increasingly poor evasion rate against most AV databases, although the PewCrypt Ransomware isn't in live distribution. Users encountering this threat through such means as torrents, malvertising or spam e-mails should be capable of blocking its installation with the appropriate security products. Since file-locking Trojans can be delivered by means that are also capable of dropping other threats, users should remove the PewCrypt Ransomware with anti-malware tools that can detect related issues, even if the limited file damage is reversible.

The PewCrypt Ransomware may be a learning tool for its author, but what's educational for researchers can be unsafe when taken out of context. Fortunately, the PewCrypt Ransomware isn't likely to become the next Hidden Tear, the PewDiePie equivalent of the file-locker Trojan industry.
