PiewDiePie Ransomware: Encrypted files until YouTuber reaches 100 million subscribers

Subscribers to the PewDiePie YouTube channel have decided to take drastic steps to make the famous content creator consolidate as the user with the most subscribers of the video platform, mention experts in ethical hacking training in India and specialists from the International Institute of Cyber Security.

As reported, some unknown user developed a ransomware variant that encrypts victims’ files and they will only be decrypted when the content creator reaches 100 million subscribers. According to the experts in ethical hacking training in India, the tool in question, known as PewCrypt, is a Java-based ransomware that has encrypted thousands of files so far.

Anyways, this is not the worst part; last December experts discovered a new variant of ransomware related to this campaign, only this time the malicious software locks the files and does not have a recovery mode, so the victims lose their information forever.

Known as PewDiePie ransomware, this is a modified and poorly written version of the popular ransomware ShellLocker, reported experts in ethical hacking training in India.

The PewDiePie ransomware never stores the encryption keys of the victims, so the compromised files will remain locked forever. On the other hand, PewCrypt applies a correct encryption, although the victims cannot buy the encryption key, since it is not for sale.

Instead of negotiating a ransom with the attackers, the victims must wait until the YouTuber reaches or exceeds 100 million of subscribers; attackers ensure that when this happens all files will be decrypted.

Right now PewDiePie has 90 million subscribers, so it could take a long time for the desired amount to be reached and the files could be released. As if that were not enough, the operators of PewCrypt ransomware have threatened to delete the encryption keys if the channel T-series, closest competitor of PewDiePie, reaches the figure before the Swedish YouTuber.

Although the development of this ransomware began as a joke, there are real cases of infection, said the experts in cybersecurity. To avoid criminal action against them, the developers of PewCrypt ransomware recently published the software code on GitHub, as well as publishing a tool to remove encryption.