Rensenware Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Threat Level: | 100 % (High) |
Infected Computers: | 73 |
First Seen: | April 10, 2017 |
Last Seen: | January 15, 2023 |
OS(es) Affected: | Windows |
The Rensenware Ransomware is an encryption ransomware Trojan that was uploaded to Github.com by a person going by the online handle '0x00000FF,' who created the Rensenware Ransomware to, supposedly, play a joke on other computer users. The Rensenware Ransomware, unlike most ransomware Trojans, does not demand the payment of a ransom to decrypt the files it encrypts in the attack. Rather, the Rensenware Ransomware encrypts the victim's files using a strong encryption but demands that the victim generates a score of 12 billion on the game 'Touhou 12' in the 'Lunatic' difficulty. This is extremely difficult, meaning that most of the victims fail the Rensenware Ransomware test.
Table of Contents
The Unusual Ransom Demanded by the Rensenware Ransomware
The Rensenware Ransomware carries out an attack that is typical of these infections, with the only difference being the nature of the 'ransom' the Rensenware Ransomware demands. Ransomware Trojans like this one encrypt the victim's files using a strong encryption, in this case, the AES 128, targeting documents commonly used on the victim's computer. The Rensenware Ransomware is capable of encrypting most commonly used media, audio, video, image, text, spreadsheet, database, as well as various other files generated by software commonly used. The files encrypted in the Rensenware Ransomware attack will be easy to identify because the Rensenware Ransomware adds the file extension 'RENSENWARE' to the end of each affected file. The Rensenware Ransomware displays a program window that cannot be closed or minimized with its ransom demand. The window is named 'Rensenware WARNING!' and contains the following text:
'WARNING!
Your system have been encrypted by Rense
What the HELL is it?
Minamitsu "The Captain" Murasa encrypted your precious data like documents, musics, pictures, and some kinda project files. it can't be recovered without this application because they are encrypted with highly strong encryption algorithm, using random key.
How can I recover my files?
That's easy. You just play TH12 ~ Undefined Fantastic Object and score over 0.2 billion in LUNATIC level. this application will detect TH12 process and score automatically. DO NOT TRY CHEATING OR TEMRMINATE THIS APPLICATION IF YOU DON'T WANT TO BLOW UP THE ENCRYPTION KEY!'
Infected Users can Stop Worrying
Although the Rensenware Ransomware is clearly a joke that the author meant to play on other PC gamers, the author, itself, has come under attack. This is because the source code for the Rensenware Ransomware was made public, meaning that con artists can adapt it to create their own attacks, a simple matter of replacing the 'gameplay' portion of its attack with a simple demand for money. In fact, many ransomware Trojans active today were spawned from careless code made public for educational or entertainment purposes. The author of the Rensenware Ransomware has replaced the Rensenware Ransomware's code on GitHub with a decryption tool that allows computer users to recover the affected files. The Rensenware Ransomware has also published the following apology:
'I distributed source code except compiled binary on the web. However, at the point of the distribution, the tragedy was beginning.
Maybe It's okay if I remove the encryption/decryption logic before I distribute the source code. then rensenWare can be treated kind of joke program. but I didn't.
A number of people blamed me. It's natural. because I made accident definitely wrong.
So I pulled down the source code of the rensenWare from the Github, and made this tool. I hope this tool can help the ones who are already affected by rensenWare.'
The Easy Way out of a Rensenware Ransomware Infection
If the Rensenware Ransomware has infected your files, you must keep the ransom note window open and download the free decryption tool provided by the Rensenware Ransomware's author. This file can be loaded using Microsoft Visual Studio and then exported as an executable file. The decryption includes an apology from the author. If the warning window is closed before the decryption is carried out, it will be impossible to recover the affected files, making the Rensenware Ransomware's effects possibly devastating to computer users without file backups.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.