CATEGORIES
home News

Shady Malware Distributor Is Hunting Minecraft Players With Chaos Ransomware

by Nathan OrdSunday, October 31, 2021, 12:15 PM EDT
minecraft cheaters never prosper after ransomware attack
Cheaters never prosper, especially when they are being targeted by ransomware-laden files scattered about the internet. Whether or not comeuppance like this is deserved, Japanese Minecraft players looking for alternate accounts to cheat or circumvent bans are being infected by the Chaos ransomware variant in a ghastly way.

Minecraft, owned by Microsoft, has become one of the most popular games in the last 12 years. However, with this level of popularity comes numerous issues, such as cheating across the 22 platforms on which Minecraft is offered. Thankfully, many of these cheaters eventually get caught and banned, but there are also ways around a ban to continue wreaking havoc on servers worldwide. This includes users going out and acquiring alternative or "alt" accounts, sometimes for nefarious activities.

world minecraft cheaters never prosper after ransomware attack
Image Courtesy of Minecraft.net

When it comes to using alt-accounts for nefarious activities, people are generally not willing to pay when they know that the account will eventually get banned as well. As such, these people go online and look for lists of stolen accounts that can be used and thrown away if banned. Understanding this premise, Fortinet discovered that threat actors have disguised Chaos ransomware as a text-file list of "Minecraft Alt" accounts. That file gets downloaded and opened under the guise that it is a handy list of stolen accounts, which is where the problem lies.

deleted files extensions minecraft cheaters never prosper after ransomware attack
A list of file types that would be overwritten by the Chaos Ransomware

Once opened, the executable encrypts files smaller than ~2MB and effectively deletes anything larger with specified extensions by filling the data with random bytes. Moreover, the ransomware deletes shadow copies from the machine, disallowing any recovery of files that had become encrypted. After this series of events unfolds, a readme.txt file is dropped on the victim's device, asking the user to pay 2,000 yen or around $17. Though the program's code does not indicate the origin, the request of yen and the ransom note only being available in Japanese points to a Japanese threat actor targeting Japanese Minecraft players on Windows devices.

ransom note minecraft cheaters never prosper after ransomware attack
The Japanese ransom note in a dropped ReadMe.txt

The Fortinet team elaborates, "despite its cheap ransom demand, its ability to destroy data and render it unrecoverable makes it more than a mere prank to annoy Japanese Minecraft gamers." Of course, the solution to this problem is to not go looking for Minecraft cheats and alt accounts in the first place, but getting hit this hard with ransomware is quite severe. Let us know what you think in the comments below.
Tags:  Gaming, Microsoft, security, cybersecurity, Minecraft, Ransomware, (nasdaq:msft)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment