New Malware Forces Users to Play PUBG To Unlock Their Files

Game Rant

By GR Staff

Published Apr 10, 2018

A new ransomware has been discovered that forces the user to play PlayerUnknown's Battlegrounds in order to unlock the encrypted files on their desktop.

In what seems to be a joke, a new ransomware has been discovered that will lock a user's files until they play PlayerUnknown's Battlegrounds, or, even more simply, just enter a code into a field.

When the user launches the ransomware, it encrypts every file and folder exclusively on the desktop and changes the file formats to ".PUBG." When it has finished encrypting the files, a screen will display two methods of decryption that the user can choose, depending on their sense of humor. It could be a joke, or an attempt to keep the game alive after the sudden rise of another Battle Royale game, Fortnite, which was recently shown to make more money than PlayerUnknown's Battlegrounds, while still being free-to-play.

As stated in the instructions on the screen, one method that can be used to decrypt the files on the user's desktop is to type "s2acxx56a2sae5fjh5k2gb5s2e" into the "restore code" field on the menu and click the Restore button. The code is in the included image, so the user has to type it out, which is only a minor inconvenience.

In fact, the whole ransomware is a minor inconvenience to anyone who is unlucky enough to be infected by it, but it is a fairly innocuous type of malware. Most likely this was a joke created by someone who is either bored or, more sinisterly, using it as a test for something much bigger. There is a second method, however, which includes the record-breaking best-seller PlayerUnknown's Battlegrounds.

The other, and more themed method of decryption is for the user to launch PlayerUnknown's Battlegrounds on their computer (if they have it) and play the battle royale game for over 3 seconds (even though it states for over an hour). It detects this by searching for the process "TslGame" on the computer. Once the process is detected, the ransomware automatically decrypts the users desktop files. This comes after the launch of PUBG Mobile, a port of the original game onto mobile devices that released last month.

When looking at the code, it is a very simple malware that only looks for a file named "TslGame.exe," which means the user doesn't even have to run PUBG, only an executable titled TslGame - making it likely to be more of a joke than practice. Either way, it seems to be harmless to any user who might get infected with it, for now.

PlayerUnknown's Battlegrounds is available now on Android, iOS, Windows PC, and Xbox One.

Source: MalwareHunterTeam (via BleepingComputer)