PewDiePie Ransomware Locks Your Files Until 100M Subscribers Is Reached

         What started as a joke has taken an ugly turn now. PewDiePie fans have begun taking extreme methods to ensure that people “Subscribe to PewDiePie” and the YouTuber reaches 100 million subscribers as soon as possible.

The latest one involves a ransomware strain which locks away users’ files indefinitely until PewDiePie gains 100 million subscribers.

Known as PewCrypt, this Java-based ransomware encrypted users’ files that can be recovered at a later date.

However, another PewDiePie-themed ransomware strain which appeared in December last year, locks files without any method of recovering them so the files are lost for good.

The latter is known as the PewDiePie ransomware, which is poorly written and is a modified version of the ShellLocker ransomware.

"PewDiePie" ransomware sample: https://t.co/enxLkVXQJp

It's ShellLocker.
And looking at that targeted extension, probably just a joke or something...
🤔@BleepinComputer @demonslay335 pic.twitter.com/avFgMrcdyY
— MalwareHunterTeam (@malwrhunterteam) December 17, 2018

This ransomware never saves or uploads the encryption keys anywhere, resulting in permanent locking of files. Whereas PewCrypt encrypts files correctly, but there is a catch — you cannot buy its decryption key.

Instead, victims have to wait until PewDiePie gains over 100 million followers before they are allowed to decrypt any of the affected files.

Given that PewDiePie has 90 million subscribers currently, it would be a long wait for victims. To make things worse, PewCrypt also threatens to delete the user’s encryption key forever, in case T-series reaches the 100 million mark first.

Even though this ransomware was put together as a joke, it has infected some users, according to ZDNet.

Thankfully, the author of PewCrypt realized the consequences in case a victim files a complaint to authorities. He released the ransomware’s source code on GitHub and the command-line-based decryption tool as well.

Just decompiled, afraid it's secure - AES-256 key generated using https://t.co/00rWDWdOQY.SecureRandom(), confirmed the RSA-2048 public key. It does ignore .PewCrypt, .exe, jar, and .dll extensions, and files over 20MB.

— Michael Gillespie (@demonslay335) February 22, 2019

Meanwhile, the Emsisoft team has also launched a decrypter app for PewCrypt. So in case, your files are affected by the ransomware, there is an easy way to get them back before PewDiePie reaches 100 million subscribers.

Also Read: PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws