PewDiePie fans keep making junk ransomware

Please, YouTube! Just hide PewDiePie and T-Series' followers count and put this competition to bed.

For some misguided reason, PewDiePie fans seem to believe that making and releasing ransomware is a proper and acceptable method of supporting their idol.

Over the past three months, PewDiePie fans have released at least two PewDiePie-themed ransomware strains, both under the guise of supporting PewDiePie in his quest of remaining the top most subscribed YouTube channel, in a not-so-friendly competition with Indian Bollywood channel T-Series.

While so-called "joke ransomware" has been released in the past, these two PewDiePie-themed ransomware strains are either destroying user data or encrypting files without any reasonable expectation or method to recover the data.

The two ransomware strains

The first of these strains was released in mid-December last year. Called the "PewDiePie ransomware," this was a poor attempt at modifying the ShellLocker ransomware.

The author wasn't particularly well versed in ransomware coding, and the PewDiePie ransomware never bothered to save or upload the encryption keys anywhere, meaning that anyone who got infected lost their files for good.

A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date.

The catch --you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files.

Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data.

While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned.

Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

Yesterday, the team at Emsisoft released their own decrypter app based on these two tools, meaning victims can recover files without having to wait months until PewDiePie reached 100 million subscribers.

Escalating PewDiePie vs T-Series competition

Both ransomware strains show the level of idiocy the competition for YouTube's top spot has reached. While T-Series fans have remained mostly quiet most of this time, a portion of PewDiePie's fans appears to have lost their minds and engaged in media stunts bordering on criminal behavior.

They've defaced sites, taken over printers, and hijacked thousands of Chromecasts and smart TVs to spew out messages of support and the now-classical "subscribe to PewDiePie."

The message itself has become a meme, and not in a good way.

White supremacy groups have adopted it as a chant, signifying a message of support of the "white race" in competition with the Indian "browns," represented by India's T-Series channel.

As pointed out in editorials by the New York Times and The Verge, the phrase "subscribe to PewDiePie" has become almost equivalent with dumb stunts and racially fueled declarations, and was also muttered by a gunman before embarking on a killing spree in a New Zealand mosque last week.

The meme and the world's horror after the New Zealand shootings has triggered a backlash against PewDiePie and his fanbase. After a long time, the Swedish-born YouTuber lost his top YouTube billing this week, and the world appears to have had enough of the "subscribe to PewDiePie" mantra.

With ransomware, hacking, racist chants, and mass shootings, it may be the time for YouTube to intervene and hide both channels' follower counts and put this stupid contest to bed.

More ransomware coverage: