Nov 2, 2021
80 Views
0 0

Chaos ransomware targets gamers via fake Minecraft alt lists

Written by

Microsoft: Windows KB5006674, KB5006670 updates break printing
Microsoft: Windows web content filtering now generally available
Hive ransomware now encrypts Linux and FreeBSD systems
Police arrest hackers behind over 1,800 ransomware attacks
‘Trojan Source’ attack method can hide bugs into open-source code
Signal now lets you report and block spam messages
Microsoft Defender for Windows is getting a massive overhaul
Canadian province health care system disrupted by cyberattack
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
Minecraft villains
The Chaos Ransomware gang encrypts gamers’ Windows devices through fake Minecraft alt lists promoted on gaming forums.
Minecraft is a massively popular sandbox video game currently played by over 140 million people, and according to Nintendo sales numbers, it’s a top-seller title in Japan.
According to researchers at FortiGuard, a recently discovered variant of the Chaos ransomware is being tentatively distributed in Japan, encrypting the files of Minecraft players and dropping ransom notes.
The lure used by the threat actors are ‘alt list’ text files that supposedly contain stolen Minecraft account credentials, but in reality, is Chaos ransomware executable.
Minecraft players who want to troll or grief other players without the risk of their accounts being banned will sometimes use ‘alt’ lists to find stolen accounts that they can use for bannable offenses.
Due to their popularity, alt lists are always in demand and are commonly shared for free or through automated account generators that supply the community with “spare” accounts.
When encrypting victims, the Chaos ransomware will append four random characters or digits as the extension to encrypted files.
The ransomware will also drop a ransom note named ‘ReadMe.txt,’ where the threat actors demand 2,000 yen (~$17.56) in pre-paid cards.
This particular variant of the Chaos Ransomware is configured to search the infected systems for different file types smaller than 2ΜΒ and encrypts them.
However, if the file is larger than 2MB is will inject random bytes into the files, making them unrecoverable even if a ransom is paid.
Due to the destructive nature of the attack, those who pay the ransom can only recover smaller files.
The reason for this functionality is unclear, and it could be caused by poor coding, incorrect configuration, or to damage gamers’ files purposely.
In this particular campaign, the threat actors are promoting text files to create a false sense of security while swapping them out in the end with executables.
Users should be suspicious of and not execute any files they download from the Internet unless they trust the site and have scanned it with a tool like VirusTotal.
Canadian province health care system disrupted by cyberattack
BlackShadow hackers breach Israeli hosting firm and extort customers
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics
The Week in Ransomware – October 29th 2021 – Making arrests
Hive ransomware now encrypts Linux and FreeBSD systems
Not a member yet? Register Now
Microsoft Defender for Windows is getting a massive overhaul
Microsoft warns of rise in password sprays targeting cloud accounts
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

Article Categories:
Cybersecurity News

Comments are closed.