Disclaimer: This is obviously ransomware, even though there is a forcer, please do not go trying to install this on your main computer. Either use a virtual machine, or watch someone go over it.
Rensenware (蓮船ウェアー, 련선웨어; stylized as rensenWare) is a ransom ware that can infect Windows computers, featuring Minamitsu Murasa. It was made by the Korean programmer Kangjun Heo (허강준). It was originally made as a joke, but got too way out of hand. It was discovered on April 6, 2017.
rensenWare inside of an active window.
When running, it encrypts the user's files with some extensions. Once the files were encrypted, a warning window that cannot be closed appears. The program forces the user to play Touhou Seirensen ~ Undefined Fantastic Object, which is not included with the ransomware and they must download on their own, and play "Lunatic" mode and get at least 200 million points, in order to decrypt their files (the program automatically detects the game's process "TH12" and its accumulated points).[1] It is advised that the user should not kill the Rensenware main program until their files are decrypted, otherwise, the user will lose their files permanently.
While making the program, Kangiun had forgotten to run it on a virtual machine, decrypting his files. This then, led him to make & release another program that would brute force rensenWare to decrypt the users files. He later also released the same malware with a small part of the code, just without the payload. The following files would be affected: .jpg, .txt, .png, .pdf, .hwp, .psd, .cs, .c, .cpp, .vb, .bas, .frm, .mp3, .wav, .flac, .gif, .doc, .xls, .xlsx.docx, .ppt, .pptx, .js, .avi, .mp4, .mkv, .zip, .rar, .alz, .egg, .7z, .raw
The way rensenWare decrypts files is by scanning the computer for any of the files above, and would then add .RENSENWARE at the end of them. Lets say you had photo.png, installing this program would lead to the file becoming photo.png.RENSENWARE. Even if you copied the file and removed the .RENSENWARE at the end, it would still be decrypted and corrupted. Displayed in a video by SomeOrdinaryGamers, a .txt file that had been copied, and had the .RENSENWARE removed, it had still been terribly corrupted. The message on the .exe would read:
Forcer used to get rid of rensenWare.
"Minamitsu "The Captain" Murasa encrypted your precious data like documents, musics, pictures, and some kinda project files. it can't be recovered without this application because they are encrypted with highly strong encryption algorithm, using random key."
"That's easy. You just play TH12 ~ Undefined Fantastic Object and score over 0.2 billion in LUNATIC level. this application will detect TH12 process and score automatically. DO NOT TRY CHEATING OR TEMRMINATE THIS APPLICATION IF YOU DON'T WANT TO BLOW UP THE ENCRYPTION KEY!"