Rensenware (Korean: 련선웨어; stylized as rensenWare) is ransomware that infects Windows computers. It was created as a joke by Kangjun Heo (alias "0x00000FF") and first appeared in 2017. Rensenware is unusual as an example of ransomware in that it does not request the user pay the creator of the virus to decrypt their files, instead requiring the user to achieve a required number of points in the bullet hell game ''Touhou Seirensen ~ Undefined Fantastic Object'' before any decryption can take place. The main window displays Minamitsu Murasa, a character from the game. Heo released a patch that neutralizes Rensenware after the malware gained attention.


Description

Rensenware was developed by Korean undergraduate student and programmer Kangjun Heo for Windows operating systems out of boredom as a joke within the ''Touhou Project'' fandom. When executed, the program scans and encrypts all files on the computer that end in certain extensions using AES-256 and appends ".RENSENWARE" to the filename. The ransomware was first discovered by MalwareHunterTeam on April 6, 2017.
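A triage sketch for the behaviour described above, added here and not taken from Rensenware or from Heo's tools: it sweeps a directory tree for the ".RENSENWARE" suffix and uses byte entropy to separate files that were actually encrypted from files that only carry the name. The function names, the 7.5 bits/byte threshold and the sample tree are assumptions made for the example.

```python
import math
import os
import tempfile
from collections import Counter

MARKER = ".RENSENWARE"  # suffix the article says is appended to encrypted files

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root, sample_size=65536, threshold=7.5):
    """List files under root that carry the marker suffix (assumed helper).

    Samples under about 1 KiB measure low entropy even when encrypted.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.upper().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    ent = round(entropy(fh.read(sample_size)), 2)
            except OSError:
                ent = None  # locked or unreadable: still report the hit
            findings.append({"path": path,
                             "original_name": name[:-len(MARKER)],
                             "entropy": ent,
                             "looks_encrypted": ent is not None and ent >= threshold})
    return sorted(findings, key=lambda f: f["original_name"])

def demo():
    """Run triage over a constructed tree (sample data, not real victim files)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.docx.RENSENWARE": os.urandom(4096),    # stands in for ciphertext
                   "notes.txt.RENSENWARE": b"plain text " * 400,  # suffix only
                   "photo.jpg": os.urandom(4096)}                 # untouched file
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The sweep only reads files, so it can run while the payload window is still open.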


Payload

Once the files have been encrypted, a warning window depicting the character Minamitsu Murasa from the ''Touhou Project'' is displayed, which cannot be closed. The program requires the user to play the bullet hell video game ''Touhou Seirensen ~ Undefined Fantastic Object'', which is not included with the software, meaning they must download it on their own, and score at least 200 million points in the "Lunatic" level of difficulty before any decryption may take place (the program automatically detects the game's process "th12" and its accumulated points). The payload window advises the user not to kill the Rensenware main program until their files have successfully been decrypted, otherwise they will lose them permanently as the decryption keys are not locally stored.


Neutralisation tool

Heo accidentally infected himself while programming the software and found that he was unable to get the necessary score. He later released a piece of software that neutralized Rensenware (by setting a custom score and injecting it into the game, satisfying the Rensenware program requirements) onto GitHub with an apology. He also released a small part of the ransomware source code without the payload.

