RensenWare

RensenWare targets Windows OS and the distribution method is currently unknown. Reportedly, RensenWare was created as a "joke" by its developer and was never meant for distribution as it was designed to deliver a unique ransom demand. Victims infected by RensenWare originally needed to play a game called "TH12 ~ Undefined Fantastic Object" and reach a score above 0.2 billion in the "Lunatic" level in order to decrypt their files. RensenWare scans a system for specific file types and encrypts them using AES-256, appending .RENSENWARE to the file names. Once the encryption process is complete, it displays a ransom note featuring the character "Captain Minamitsu Murasa" from the Touhou Project game series and the unusual ransom demand. Any victim who shuts the infected system down or does not complete the ransom demand permanently loses the decryption key. To monitor the game score, RensenWare scans for a process called "th12" and reads the process' memory to determine what level of the game and score has been reached. If the 0.2 billion point score has been reached, RensenWare saves the decryption key to the system's desktop and decrypts the files. Once reports about this variant began to surface, the developer released a free decryption tool for potential victims.

  • Bleeping Computer has more information about RensenWare here.
  • A free decryption tool for RensenWare is available on GitHub here.