Those fans of PewDiePie who have been hit by the ransomware attack, which sort to ensure that people subscribe to PewDiePie's YouTube channel to reach 100 million subscribers, locking away their files indefinitely until the goal is met, can now rejoice as workarounds have been released.
While the PewDiePie-themed ransomware strain first appeared last year, known as PewCrypt, a Java-based ransomware that encrypt users’ files that can only be recovered at a given time in the future when the target goal has been achieved, and in this case, getting PewDiePie's YouTube channel to reach 100 million subscribers.
The PewDiePie ransomware is poorly written and a modified version of the ShellLocker ransomware, albeit the later never saves or uploads the encryption keys, which results in permanent locking out of files.
PewCrypt victims are supposed to wait until PewDiePie gains 100 million followers before they are allowed to decrypt the affected files, they can't buy the decryption key from anywhere. And to worsen the case, PewCrypt threatens to delete the entire files of users forever, if T-series reaches the 100 million subscribers mark first.
But the author of PewCrypt has released the ransomware’s code on GitHub and the command-line-based tool for decryption to help those who have been affected by the ransomware.
Just decompiled, afraid it's secure - AES-256 key generated using https://t.co/00rWDWdOQY.SecureRandom(), confirmed the RSA-2048 public key. It does ignore .PewCrypt, .exe, jar, and .dll extensions, and files over 20MB.
— Michael Gillespie (@demonslay335) February 22, 2019
Additionally, there is a decrypter app for PewCrypt launched by Emsisoft to help all those affected by the ransomware to retrieve their files, even before the supposed goal of PewDiePie reaching 100 million subscribers.
No comments