In his fight to remain the most-subscribed creator on YouTube, PewDiePie has gotten major support from hackers. One group hacked printers and smart TVs to spit out “subscribe to PewDiePie” propaganda (and to warn those hacked that their devices were vulnerable). Another group hacked The Wall Street Journal and replaced one of its pages with a similar call to action.
The hacks, though undoubtedly annoying for those struck, didn’t do any lasting damage. Now, however, there are reports of two pro-PewDiePie strains of ransomware that are capable of causing significant problems for those who catch them. To be clear right off the bat, we’re not sure how many people have been affected, and though one of the viruses has no fix (more details below), the creator of the second ransomware program has since released information to help undo the damage they caused.
Let’s back up. Ransomware, for those who don’t know, is a type of computer virus. It’s primarily spread through “drive-by download” attacks, where users visit infected sites and, without any indication that something’s even happening, the malware downloads and installs itself on their computers. Once nested there, ransomware has full access to a user’s files. Generally, ransomware (per its name) then locks the user out of the files and demands a monetary ransom in exchange for unlocking them. In some cases, the virus will threaten to release sensitive information to the internet if the user doesn’t pay up. If — and this is important — the user does pay as demanded, they’ll receive an encryption key they can use to uninstall the ransomware, regaining access to their files.
One of the two PewDiePie viruses, simply called “PewDiePie Ransomware,” started spreading in December of last year, ZDNet reports. A screencap taken by virus-busters Malware Hunter Team shows that when users were infected, the ransomware locked their files and demanded they subscribe to PewDiePie to if they wanted their information back.
Except there’s one problem: the person who designed PewDiePie Ransomware didn’t design it with the crucial encryption keys. Malware Hunter Team dug into the virus’s code and concluded that even the creator of the virus would be unable to unlock infected users’ files because there are simply no keys with which to do so.
“PewDiePie” ransomware sample: https://t.co/enxLkVXQJp
And looking at that targeted extension, probably just a joke or something…
🤔@BleepinComputer @demonslay335 pic.twitter.com/avFgMrcdyY
— MalwareHunterTeam (@malwrhunterteam) December 17, 2018
The second strain of PewDiePie ransomware began popping up more recently. Unlike the first, this virus, called “PewCrypt,” is fully functional. Instead of being designed so it unlocks when infected users pay ransoms, though, it’s designed to tell users to subscribe to PewDiePie, and then keep their files on lock until PewDiePie reaches 100 million subscribers. (He’s currently at 90.7 million.)
There’s also a catch: if T-Series, PewDiePie’s longtime rival, hits 100 million subscribers before he does, the ransomware will delete the user’s encryption key, locking their data permanently.
ZDNet confirms PewCrypt did infect at least a few people. However, apparently upon realizing his malware was spreading, PewCrypt’s designer released a universal encryption key, along with the virus’s source code, and claimed it wasn’t made maliciously.
I made this whilst learning java 😂I hope I didn’t cause to much of an issue for anyone. Here is the decryption tool: https://t.co/2hkUIsLRxv its command line based. Keep up to good work
— __JustMe__ (@JustMe79194181) February 25, 2019
Software designer Emsisoft used the source code and encryption key to make a free tool, released yesterday, that will unlock any infected computers and recover users’ files.
The behavior of PewDiePie’s fans has been a major topic this past week, after a white supremacist told people to “subscribe to PewDiePie” before storming two mosques and murdering 50 people. In the wake of the massacre, PewDiePie decried the shooter on Twitter.
Just heard news of the devastating reports from New Zealand Christchurch.
I feel absolutely sickened having my name uttered by this person.
My heart and thoughts go out to the victims, families and everyone affected by this tragedy.
— ƿ૯ωძɿ૯ƿɿ૯ (@pewdiepie) March 15, 2019