Researchers have discovered a strange new ransomware called ‘rensenWare’. Rather than demanding money for decryption, it requires the victim to score “over 0.2 billion” playing “TH12 — Undefined Fantastic Object”. Victims are told that the score will be monitored, and decryption will be automatic on success, provided there is no attempt to cheat.
Analysis by Lawrence Abrams subsequently concluded that rensenWare is not effectively coded for it to be serious ransomware. “As the developer is not looking to generate revenue from this ransomware,” he concluded, “this program was most likely created as a joke. Regardless of the reasons, it illustrates another new and innovative way that a ransomware can be developed.”
This seems to have been confirmed by the author, Tvple Eraser on Twitter: “Hell, I’ll NEVER make any malware or any similar thing. making was so fun, however as a result, it made me so exhausted, /w no foods all day”. rensenWare seems to have been a bit of fun by a gamer/hacker, and that’s all.
That seems to be the feeling of the security industry. “Never say never, but I don’t think we’ll see much copycat efforts spawning from rensenware,” Sean Sullivan, Security Advisor at F-Secure told SecurityWeek. Nevertheless, he added, “There was some interesting ‘Kirk’ ransomware the other week (and Spock was the cure). So I think we’ll see continued amounts of ‘creative’ themes, but they’ll be asking for Bitcoin, not high scores.”
But hard-core gaming has its own sub-culture. SecurityWeek approached two hard-cores. One responded, “Oh, yes, most definitely this will provoke some copycat jokes and viruses.” This is worth watching, because ‘vendettas’ among gamers are not unknown.
The other added, “In retrospect, I’m surprised no-one has done a ransomware like this already.” He added that there’s not much ‘buzz’ on the gaming scene yet, possibly because it’s so new; but continued “I’d say there’s a reasonable chance of it sparking a new ‘subgenre’ of ransomware viruses (challengeware?) and I can even see a toned-down version of it being used in viral marketing campaigns.”
Right now, the basic concept developed by Tvple Eraser is not a threat — but it has the potential to become one, or at last a nuisance. In fact, it could already be described as a nuisance. Googling ‘rensenware’ will generate a string of websites providing information on a threat that arguably does not exist, but all offering to remove it (and other ransomware/viruses) with a simple download.
That download is invariably SpyHunter. SpyHunter used to thought of as ‘rogueware’. It has fought this description vigorously, including in the courts. It has sued both BleepingComputer after a poor review, and Malwarebytes for classifying it as a PUP (potentially unwanted program). SecurityWeek asked Malwarebytes if it still treats SpyHunter as a PUP.
“Enigma’s SpyHunter?” replied malware intelligence researcher Pieter Arntz; “Yes, definitely.”