
Rensenware Ransomware

Posted: April 10, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 171
First Seen: April 10, 2017
Last Seen: January 15, 2023
OS(es) Affected: Windows

The Rensenware Ransomware is a Trojan that locks your files with an encryption algorithm until you reach a specified high score in an accompanying video game. Although its ransom demand is less expensive than those of most similar Trojans, the Rensenware Ransomware is still a threat to your files. Use backups or the free software recommended in this article to recover any encoded content, and remove the Rensenware Ransomware with any standardized anti-malware product.

Shoot-'Em-Up to Shoot Trojans Down

The early days of threatening software were often steeped in the idle mischief of compromising PCs for amusement rather than money. While the threat marketplace has since swerved towards profit, at least one programmer still has an interest in programming Trojans 'the old-fashioned way.' His project, the Rensenware Ransomware, leverages file-encrypting attacks not to make ransom money but to force the victim to play a video game.

The original versions of the Rensenware Ransomware encrypt files on your PC, such as documents, to block you from being able to open them, similar to the attacks of the Crysis Ransomware, Troldesh or Hidden Tear. When it finishes encrypting that content, the Rensenware Ransomware loads a pop-up window displaying a character from the 'Touhou' spaceship-shooter franchise, along with an explanation of its demands. Instead of requesting money to have their files unlocked with the built-in decryptor feature, the Rensenware Ransomware asks its victims to beat a high score in the game on the 'Insane' difficulty setting.

Upon an initial look, the above conditions may seem trivial, compared to the Bitcoin ransoms of up to thousands of dollars that malware experts see in competing Trojans. However, the 'bullet hell' genre that Touhou belongs to is notorious for its severe difficulty, potentially putting the decryptor out of the reach of all but the most experienced players. Malware experts do note that the Rensenware Ransomware doesn't include any anti-cheat functionality, meaning that interested users could 'trick' the Trojan by editing the relevant memory values directly.

Declaring a Ceasefire in Video Game Warfare

In addition to being a throwback to the entertainment-oriented days of threatening software, the Rensenware Ransomware is also a rarity for being the product of a repentant threat actor. Its author has modified the publicly available versions of the threat to exclude the encryption attack, in addition to providing a custom utility for triggering the Rensenware Ransomware's decryption via brute force. Some third-party game cheat resources can also provide working solutions, although malware experts recommend avoiding downloads of illicit software, particularly through unsafe resources like torrent networks.

The Rensenware Ransomware was never meant to be distributed in the wild. However, the threat industry is rife with examples of open-source Trojans having their code hijacked and abused for worse purposes than originally intended, as readers can see with the variants of Hidden Tear and EDA2. Backups are the surest way of preventing Trojans with file-encrypting payloads from causing harm that you can't resolve without fulfilling the ransom demands. Professional anti-malware protection can also preempt the encryption attack by removing the Rensenware Ransomware beforehand.

Compared to its more profit-oriented competitors, the Rensenware Ransomware's extortion preference is one of the most remarkable to date, but its method of taking your files hostage is anything but unusual. The long-term safety of your media is anything but a game, and relatively few gamers should feel comfortable with needing to beat an arbitrary score in a space shooter to reacquire their media.
