Battle Royale games have been steadily rising in popularity over the past few months, and we can probably thank PlayerUnknown's Battlegrounds for that. Everybody seems to love PUBG, as it has already sold 33 million units on PC alone in less than a year.
Some people seem to love the game so much that they create very bizarre programs, like this PUBG Ransomware that will encrypt all of your desktop files—including subdirectories—until you start playing the game "for at least an hour." This is by far one of the weirdest pieces of software we've ever written about.
The malware was first spotted by MalwareHunterTeam, who explained that the software encrypts and decrypts files using a .PUBG file extension.
Another top quality ransomware that asks you to play a game to decrypt files: "PUBG Ransomware". This sample only encrypts files on desktop (including subdirectories)... @BleepinComputer @demonslay335 pic.twitter.com/5406DPbwmX
— MalwareHunterTeam (@malwrhunterteam) April 9, 2018
After encrypting your files, the malware will open a new window with clear instructions on how you can decrypt the files. It offers two options: either you enter the restore code "s2acxx56a2sae5fjh5k2gb5s2e" into the software, or you can just start playing PlayerUnknown's Battlegrounds.
As the source code below illustrates, the software will monitor your computer's running processes and check if "TslGame"—PUBG's process—is running. Although the ransomware states that you need to play the game for an hour, you only need to have the process running for about 3 seconds before your files get decrypted.
Because the source code isn't too advanced and only checks the processes by name, another way of dealing with this Ransomware is to run any executable called TslGame.exe, and it will automatically decrypt your desktop files.
This Ransomware isn't dangerous per se, but it's definitely not something you want to install. We don't know for sure what the software is doing in the background without a deep dive into the entire code.
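Before trying either recovery route, it helps to know exactly which files were touched. The following is an added example, not code from the original article or from the malware: a read-only inventory of files carrying the .PUBG extension under a folder and its subdirectories. It assumes the extension is appended to the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXT = ".pubg"  # extension named in the article, compared case-insensitively


def inventory_pubg_files(root):
    """Walk root (e.g. the Desktop) and describe every file ending in .PUBG.

    Returns a list of dicts sorted by path. Nothing is modified or deleted.
    """
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip other files, and a file named only ".PUBG" (no original name)
            if not name.lower().endswith(EXT) or len(name) == len(EXT):
                continue
            path = Path(dirpath) / name
            original = path.with_name(name[: -len(EXT)])  # assumed pre-encryption name
            found.append({
                "path": str(path.relative_to(root)),
                "assumed_original": original.name,
                "size": path.stat().st_size,
                # True when an unencrypted file with the original name also exists
                "original_present": original.exists(),
            })
    return sorted(found, key=lambda r: r["path"])


def build_sample_desktop(root):
    """Constructed sample tree standing in for an affected Desktop folder."""
    root = Path(root)
    (root / "work").mkdir()
    (root / "notes.txt.PUBG").write_bytes(b"\x00" * 32)
    (root / "work" / "report.docx.PUBG").write_bytes(b"\x00" * 64)
    (root / "work" / "report.docx").write_bytes(b"clean copy")
    (root / "photo.jpg").write_bytes(b"untouched")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in inventory_pubg_files(build_sample_desktop(tmp)):
            print(row)
```

Saving this list before any decryption attempt gives you something to compare against afterwards, so you can confirm that every affected file was actually restored.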