New ransomware forces you to play PUBG video game.



The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of PUBG Ransomware [Pubg.RSM] actively spreading in the wild.

PUBG Ransomware encrypts the victims files and force them to play an hour of a game called PlayerUnknown’s Battlegrounds to get their files back.

Infection Cycle:

Once the computer is compromised, the Ransomware starts searching for document files with following extensions:

While Ransomware is encrypting files, it will encrypt all files and append the .Pubg extension onto each encrypted file’s filename.

After Ransomware encrypts all personal documents it generates a message that the computer has been encrypted and giving you two methods that you can use to decrypt the encrypted files.

The first method that can be used to decrypt the files is to simply enter the following code into the program and click the Restore code button.

For The second method you need to play PlayerUnknown’s Battlegrounds for a few seconds.

The Ransomware checks if you’re playing PlayerUnknown’s Battlegrounds by monitoring the running processes on your machine.

The PUBG Ransomware isn’t so advanced at all; running any executable called TslGame.exe will decrypt the files. Even the Ransomware stated that you need to play one hour you only need to run the executable for few seconds.

Sonicwall Capture Labs provides protection against this threat via the following signature:

  • GAV: Pubg.RSM (Trojan)
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.