Have you been asked to play a video game called PlayerUnknown's Battlegrounds for an hour? If so, you most likely came across a malicious threat called Pubg Ransomware. Our specialists say it enciphers particular personal data with the AES encryption algorithm and then shows a note telling the user to play the game to decipher the data. There are other ways to recover encrypted files too, but we will talk about them later in the text. While reading our article, you will also learn where Pubg Ransomware could come from, how it works, and, most importantly, how to eliminate it. Deleting the malware might not be an easy task for less experienced users, which is why we add our recommended removal steps a bit below the article. For more information, we invite you to take a look at the rest of our report.
Given that the malicious program was most likely inspired by a specific game, we would not be surprised if the malware was spread via gamer chatrooms, infected cracks or keygens, and so on. Knowing this, it would be smart to stay away from potentially dangerous content and keep a reliable security tool installed if you do not want to put your device at risk. Compared to other similar threats, Pubg Ransomware does not look so dangerous; you may consider yourself lucky to have encountered a ransomware application that does not encipher all files on the device or demand a ransom payment.
According to our specialists who tested Pubg Ransomware, it targets only the data available on the infected computer’s Desktop. To be more accurate, it should not encipher files located in your Downloads, Pictures, Music, or any other location besides the Desktop folder. As we explained earlier, its name comes from a video game called PlayerUnknown's Battlegrounds, since the malware shows a ransom note claiming the files will be decrypted if the user plays the game for one hour. In fact, it gives another option, as the note also says “or restore code is [s2acxx56a2sae5fjh5k2gb5s2e]”. The problem is that the field where you are supposed to type the code is fake. Still, we would recommend trying this option, because if there are slightly different versions of Pubg Ransomware, it is possible some of them could have functioning code boxes.
If the code option does not work, you are left with two other options: play the mentioned game for an hour, or trick the malware into thinking you are playing. The research showed the threat searches for the game’s process (TslGame.exe), and if it finds it running for 60 minutes, it deciphers the encrypted data. To make it seem like the game’s process is running, you could rename any other .exe file to the game’s process name and leave it running for one hour; for example, it could be any other game you have. Once the data gets decrypted, you can rename the chosen file again.
Another thing you should do is remove the malicious program. It might not look harmful, but leaving it unattended could be dangerous. Thus, it is advisable to eliminate Pubg Ransomware at once. Users who think they can handle the task could use the steps located slightly below this report. The other way to get rid of the infection is to acquire a reliable security tool, scan the system with it, and press the deletion button it should provide after the scan.
| # | File Name | File Size (Bytes) | File Hash |
|---|---|---|---|
| 1 | PUBG Ransom.exe | 41472 bytes | MD5: 0997ba7292ddbac1c7e7ade6766ed53c |

| # | Process Name | Process Filename | Main module size |
|---|---|---|---|
| 1 | PUBG Ransom.exe | PUBG Ransom.exe | 41472 bytes |
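
The file indicators listed above (name, size, MD5) can be checked against a folder tree with a short script. This is an added example, not part of the original report; the function names `scan` and `md5_of` and the two verdict labels are made up for illustration.

```python
import hashlib
import os
from pathlib import Path

# Indicators taken from the file table in this report.
IOC_NAME = "PUBG Ransom.exe"
IOC_SIZE = 41472
IOC_MD5 = "0997ba7292ddbac1c7e7ade6766ed53c"


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, md5=IOC_MD5, size=IOC_SIZE, name=IOC_NAME):
    """Return (path, verdict) pairs for files under root.

    "hash-match": size and MD5 both match, whatever the file is called.
    "name-only": the name matches but the content does not; worth a manual
    look (it may be a different build) but not a confirmed hit.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = Path(dirpath) / fname
            try:
                same_size = path.stat().st_size == size
                # The size check is cheap, so hash only files that pass it.
                if same_size and md5_of(path) == md5.lower():
                    findings.append((str(path), "hash-match"))
                elif fname.lower() == name.lower():
                    findings.append((str(path), "name-only"))
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
    return findings


if __name__ == "__main__":
    import sys
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else str(Path.home())):
        print(*hit, sep="\t")
```

A hash match identifies only the exact sample in the table; other builds will have different hashes, so an empty result does not prove the machine is clean.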