A new variant of the Chaos ransomware is attacking Minecraft players looking to get their hands on alternate accounts to cheat or circumvent bans.
Microsoft owned-Minecraft is one of the most popular games in recent times, though its popularity has also resulted in an influx of cheaters to the platform.
While Minecraft routinely catches and bans cheaters, many rely on alternative or "alt" accounts, to continue their nefarious activities.
Recently, cybersecurity researchers from Fortinet Labs discovered a variant of the Chaos ransomware hidden in a file that pretended to contain a list of such Minecraft alt accounts.
Cheating cheaters
In a post detailing the activity, Fortinet researchers Shunichi Imano and Fred Gutierrez argue that the ransomware appears to target Minecraft players in Japan.
Analyzing the variant, the researchers note that the ransomware searches for and encrypts all files smaller than 2MB. However, bigger files of certain file types are overwritten with random data, rendering them unrecoverable even after the payment of the ransom.
Furthermore, although the malware doesn’t exfiltrate the encrypted data, it does delete shadow copies from the compromised machines, further complicating recovery. The attackers demand cryptocurrency worth 2,000 Yen or about $17.5.
“Despite its cheap ransom demand, its ability to destroy data and render it unrecoverable makes it more than a mere prank to annoy Japanese Minecraft gamers….The best advice is for players to stay off suspicious gaming cheat sites and simply enjoy the game the way it was meant to be played,” conclude the researchers.
Use one of the best endpoint protection tools to add another layer of defense against such file-borne cyberattacks
