Threat Database Ransomware Rensenware Ransomware

Rensenware Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 15,791
Threat Level: 100 % (High)
Infected Computers: 71
First Seen: April 10, 2017
Last Seen: September 16, 2022
OS(es) Affected: Windows

The Rensenware Ransomware is an encryption ransomware Trojan that was uploaded to by a person going by the online handle '0x00000FF,' who created the Rensenware Ransomware to, supposedly, play a joke on other computer users. The Rensenware Ransomware, unlike most ransomware Trojans, does not demand the payment of a ransom to decrypt the files it encrypts in the attack. Rather, the Rensenware Ransomware encrypts the victim's files using a strong encryption but demands that the victim generates a score of 12 billion on the game 'Touhou 12' in the 'Lunatic' difficulty. This is extremely difficult, meaning that most of the victims fail the Rensenware Ransomware test.

The Unusual Ransom Demanded by the Rensenware Ransomware

The Rensenware Ransomware carries out an attack that is typical of these infections, with the only difference being the nature of the 'ransom' the Rensenware Ransomware demands. Ransomware Trojans like this one encrypt the victim's files using a strong encryption, in this case, the AES 128, targeting documents commonly used on the victim's computer. The Rensenware Ransomware is capable of encrypting most commonly used media, audio, video, image, text, spreadsheet, database, as well as various other files generated by software commonly used. The files encrypted in the Rensenware Ransomware attack will be easy to identify because the Rensenware Ransomware adds the file extension 'RENSENWARE' to the end of each affected file. The Rensenware Ransomware displays a program window that cannot be closed or minimized with its ransom demand. The window is named 'Rensenware WARNING!' and contains the following text:

Your system have been encrypted by Rense
What the HELL is it?
Minamitsu "The Captain" Murasa encrypted your precious data like documents, musics, pictures, and some kinda project files. it can't be recovered without this application because they are encrypted with highly strong encryption algorithm, using random key.
How can I recover my files?
That's easy. You just play TH12 ~ Undefined Fantastic Object and score over 0.2 billion in LUNATIC level. this application will detect TH12 process and score automatically. DO NOT TRY CHEATING OR TEMRMINATE THIS APPLICATION IF YOU DON'T WANT TO BLOW UP THE ENCRYPTION KEY!'

Infected Users can Stop Worrying

Although the Rensenware Ransomware is clearly a joke that the author meant to play on other PC gamers, the author, itself, has come under attack. This is because the source code for the Rensenware Ransomware was made public, meaning that con artists can adapt it to create their own attacks, a simple matter of replacing the 'gameplay' portion of its attack with a simple demand for money. In fact, many ransomware Trojans active today were spawned from careless code made public for educational or entertainment purposes. The author of the Rensenware Ransomware has replaced the Rensenware Ransomware's code on GitHub with a decryption tool that allows computer users to recover the affected files. The Rensenware Ransomware has also published the following apology:

'I distributed source code except compiled binary on the web. However, at the point of the distribution, the tragedy was beginning.
Maybe It's okay if I remove the encryption/decryption logic before I distribute the source code. then rensenWare can be treated kind of joke program. but I didn't.
A number of people blamed me. It's natural. because I made accident definitely wrong.
So I pulled down the source code of the rensenWare from the Github, and made this tool. I hope this tool can help the ones who are already affected by rensenWare.'

The Easy Way out of a Rensenware Ransomware Infection

If the Rensenware Ransomware has infected your files, you must keep the ransom note window open and download the free decryption tool provided by the Rensenware Ransomware's author. This file can be loaded using Microsoft Visual Studio and then exported as an executable file. The decryption includes an apology from the author. If the warning window is closed before the decryption is carried out, it will be impossible to recover the affected files, making the Rensenware Ransomware's effects possibly devastating to computer users without file backups.


Most Viewed