Through phony Minecraft alt lists advertised on gaming forums, the Chaos Ransomware gang encrypts users’ Windows devices. According to Nintendo sales figures, Minecraft is a trendy sandbox video game that is presently played by over 140 million people and is a top-selling title in Japan.
As per FortiGuard experts, a newly discovered form of the Chaos ransomware is now being circulated in Japan, encrypting Minecraft users’ data and dropping ransom letters.
Threat actors employ ‘alt list’ text files that ostensibly include stolen Minecraft account credentials but are Chaos ransomware executables.
Minecraft gamers who wish to troll or grief other players without risking their accounts being banned may occasionally search ‘alt’ lists for stolen accounts to use for illegal acts. Alt lists are constantly in demand due to their popularity, and they are frequently given for free or via automated account generators that provide the community with “spare” accounts.
When the Chaos ransomware encrypts a victim’s files, it adds four random characters or numbers as an extension. The ransomware will also drop a ransom message called ‘ReadMe.txt,’ which demands 2,000 yen ($17.56) in pre-paid cards from the threat actors.
This specific form of Chaos Ransomware is set up to look for the affected systems and encrypt files less than 2MB. However, if the file is greater than 2MB, it will insert random bytes into it, rendering it unrecoverable even if a ransom is paid.
Those who settle the ransom may only restore lesser files due to the attack’s damaging nature. The reason for this functionality is unknown. However, it might be due to faulty coding, wrong setting, or a deliberate attempt to harm players’ data.
The threat actors are advertising text files in this effort to create a false sense of security before replacing them with executables in the end. Users should be wary of any files they get from the Internet and should not run them unless they trust the source and have inspected it with an antivirus program.