Remove Rensenware Ransomware

0
143

I wrote this article to help you remove Rensenware Ransomware. This Rensenware Ransomware removal guide works for all Windows versions.

Rensenware ransomware is an unusual win-locker. You will realize this after the insidious program states its demands. The encryption process does not differ from the algorithm of other win-lockers. Rensenware ransomware uses AES-128 cipher to render the coding schemes of the targeted objects. This is an established cryptosystem. It was devised to protect data by making it inaccessible to third parties. The cipher becomes a weapon in the hands of renegade developers. Rensenware ransomware targets different types of data, like documents, music, pictures and project files. The clandestine tool makes the vulnerable objects inaccessible and marks them with the .RENSENWARE file extension.

The author of Rensenware ransomware has made the unusual decision to claim responsibility for the virus. It is uncommon for scam artists to reveal their identity on any front. In this instance, the coder made the win-locker public, rather than seeking to infect users through dark patterns. The nefarious program first appeared on Github.com. The user who posted it goes by 0x00000FF on the forum. He stated that the program was created as a joke towards Team Shanghai Alice, a video game developer company.

This brings us to the unusual demand Rensenware ransomware makes. Unlike the vast majority, the clandestine program does not ask for money. The term “ransomware” has been coined for a reason. Most viruses of this type require victims to pay a ransom in exchange for a decryption tool or a key. Rensenware ransomware provides a decryption tool, but not in exchange for a payment. The people who had the misfortune of contacting the infection need to play a video game in order to activate it. The game is called Touhou 12 – Undefined Fantastic Object. However, the requirement is not just to play for a certain time period, but to become good at it. You have to score over 0.2 billion points in Lunatic level. The win-locker has a way of detecting your score.

What may have started as an innocent joke has now morphed into a sinister prank. By uploading the program to the web, the coder has made it public. Rensenware ransomware is now on the loose. For reasons unknown, people with bad intentions have started distributing the virus. The win-locker has been spotted in spam email campaigns. The people spreading it use the same old tricks in the book. They devise a convincing message, notifying the recipient about a non-existing important event. An attachment to the letter is listed as an official document on the matter. The topic of the spam emails varies from receipts, invoices and bank statements to bills, fines and court orders. Spammers tend to misrepresent existing entities in order to make the fake messages seem reliable. To check whether a given email is genuine, proof the sender’s contacts.

After getting to understand the concept behind Rensenware ransomware, the warning pop-up seems elaborate. The explanation begins with the question “What the HELL is it?”. If you have not seen a virus with such unusual demands before, you are not alone. This is indeed the first win-locker to set such terms. Addressing the situation behind Rensenware ransomware calls for a different approach. While we normally warn users about the risks of paying a ransom, there is no sum to be paid in this instance. Still, it would be a drag to meet the demands of this win-locker. Especially if you are not a hardcore gamer. For the majority of people who are not, we are pleased to announce that there is an alternative solution.

The developer of Rensenware ransomware has taken responsibility for unleashing the virus into the wild. He has provided the decryption tool for free download. You can acquire it from the following address: github.com/0x00000FF/rensenware_force. The file is titled rensenWare_forcer.csproj. The program can be exported using the MS Visual Studio utility. All versions from 2008 onward can be used for the purpose. The setup file of the decryption tool will be saved to your computer under the name decryptor.exe. When launched, it displays an apology message and proceeds to guide the user through the manual. Note that the window of the program has to remain open during the decryption procedure. Closing the window would make it impossible for the tool to keep decoding files.

An alternative solution is to recover your files through their shadow volume copies. We have listed several applications which can be of help below. There is also a removal guide to help you uninstall Rensenware ransomware and delete all of its files from your hard disk drive.

Rensenware Ransomware Removal

Method 1: Restore your encrypted files using ShadowExplorer
Usually, Rensenware Ransomware deletes all shadow copies, stored in your computer. Luckily, the ransomware is not always able to delete the shadow copies. So your first try should be restoring the original files from shadow copies.

  1. Download ShadowExplorer from this link: http://www.shadowexplorer.com/downloads.html.
  2. Install ShadowExplorer
  3. Open ShadowExplorer and select C: drive on the left panelshadowexplorer
  4. Choose at least a month ago date from the date field
  5. Navigate to the folder with encrypted files
  6. Right-click on the encrypted file
  7. Select “Export” and choose a destination for the original file

Method 2: Restore your encrypted files by using System Restore

  1. Go to Start –> All programs –> Accessories –> System tools –> System restore
  2. Click “Nextsystem restore
  3. Choose a restore point, at least a month ago
  4. Click “Next
  5. Choose Disk C: (should be selected by default)
  6. Click “Next“. Wait for a few minutes and the restore should be done.

Method 3: Restore your files using File Recovery Software
If none of the above method works, you should try to recover encrypted files by using File Recovery Software. Since Rensenware Ransomware first makes a copy of the original file, then encrypts it and deletes the original one, you can successfully restore the original, using a File Recovery Software. Here are a few free File Recovery Software programs:

  1. Recuva
  2. Puran File Recovery
  3. Disk Drill
  4. Glary Undelete
SHARE
Daniel Stoyanov
Daniel Stoyanov has a Master's degree in Computer Science from the Technical University of Sofia, Bulgaria. He is also a Microsoft Certified Professional. Daniel provides top cyber security news with in-depth coverage of malware, vulnerabilities, PC and Network security, online safety.If you have any questions feel free to ask him right now.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Time limit is exhausted. Please reload CAPTCHA.