The Latest Pro-PewDiePie Hackers Locked Users’ Files Until They Subscribed

In his fight to remain the most-subscribed creator on YouTube, PewDiePie has gotten major support from hackers. One group hacked printers and smart TVs to spit out “subscribe to PewDiePie” propaganda (and to warn those hacked that their devices were vulnerable). Another group hacked The Wall Street Journal and replaced one of its pages with a similar call to action.

The hacks, though undoubtedly annoying for those struck, didn’t do any lasting damage. Now, however, there are reports of two pro-PewDiePie strains of ransomware that are capable of causing significant problems for those who catch them. To be clear right off the bat, we’re not sure how many people have been affected, and though one of the viruses has no fix (more details below), the creator of the second ransomware program has since released information to help undo the damage they caused.

Let’s back up. Ransomware, for those who don’t know, is a type of computer virus. It’s primarily spread through “drive-by download” attacks, where users visit infected sites and, without any indication that something’s even happening, the malware downloads and installs itself on their computers. Once nested there, ransomware has full access to a user’s files. Generally, ransomware (per its name) then locks the user out of the files and demands a monetary ransom in exchange for unlocking them. In some cases, the virus will threaten to release sensitive information to the internet if the user doesn’t pay up. If — and this is important — the user does pay as demanded, they’ll receive an encryption key they can use to uninstall the ransomware, regaining access to their files.

One of the two PewDiePie viruses, simply called “PewDiePie Ransomware,” started spreading in December of last year, ZDNet reports. A screencap taken by virus-busters Malware Hunter Team

shows that when users were infected, the ransomware locked their files and demanded they subscribe to PewDiePie to if they wanted their information back.

Except there’s one problem: the person who designed PewDiePie Ransomware didn’t design it with the crucial encryption keys. Malware Hunter Team dug into the virus’s code and concluded that even the creator of the virus would be unable to unlock infected users’ files because there are simply no keys with which to do so.

The second strain of PewDiePie ransomware began popping up more recently. Unlike the first, this virus, called “PewCrypt,” is fully functional. Instead of being designed so it unlocks when infected users pay ransoms, though, it’s designed to tell users to subscribe to PewDiePie, and then keep their files on lock until PewDiePie reaches 100 million subscribers. (He’s currently at 90.7 million.)

There’s also a catch: if T-Series, PewDiePie’s longtime rival, hits 100 million subscribers before he does, the ransomware will delete the user’s encryption key, locking their data permanently.

ZDNet confirms PewCrypt did infect at least a few people. However, apparently upon realizing his malware was spreading, PewCrypt’s designer released a universal encryption key, along with the virus’s source code, and claimed it wasn’t made maliciously.

Software designer Emsisoft used the source code and encryption key to make a free tool, released yesterday, that will unlock any infected computers and recover users’ files.

The behavior of PewDiePie’s fans has been a major topic this past week, after a white supremacist told people to “subscribe to PewDiePie” before storming two mosques and murdering 50 people. In the wake of the massacre, PewDiePie decried the shooter on Twitter.