Ransomware - KashimaWare

KashimaWare
Aliases: Kashima
Decryptor Available: No

Description

KashimaWare, or Kashima, is a variant of rensenWare, the open-source ransomware created by a South Korean undergraduate student, which required victims to play a bullet hell game and score 200 million points on lunatic difficulty. The author of rensenWare infected himself and created a decryptor for his ransomware. However, that decryptor does not work for KashimaWare. KashimaWare differs from rensenWare in:

  • the ransom note image and name;
  • the files it targets to encrypt (only .cfg and .js files);
  • and the condition to satisfy decryption.

Instead of the 200 million points required by rensenWare, KashimaWare requires users to be "running nixware loader", a condition that is met by creating a file named "nixware.exe". Once an executable with that name is run, the ransomware detects the process name, and the files revert to normal.

Ransomware Type: Crypto-Ransomware
First Seen:
Last Seen:
Lineage:
Extortion Types: Direct Extortion

Encryption
  Type: Symmetric
  Files: AES-256-CBC

File Extension: <file name>.KASHIMA
Ransom Note Name: KashimaWare WARNING!
Ransom Note Image:
Samples (SHA-256): 30676a6dd904f40d821e62e24c8d357dca75370211b7ec4ed290500ab631fb95
References & Publications: The Crypto-Ransomware Digest: RensenWare (and variants)