FortiGuard experts report that Chaos ransomware attacks gamers’ Windows devices and spreads under the guise of an alt list for Minecraft on gaming forums. So far, these attacks are mainly directed against users in Japan.
The decoy used by the attackers is alt list text files, which supposedly contain credentials for Minecraft accounts (including stolen ones), but in reality, only Chaos malware can be downloaded this way.
Researchers note that Minecraft players sometimes use alt lists when they want to troll or mock other players (without risking being banned). Accounts from the alt list are often used for such “crimes”, and you can usually find such lists, for example, on paste-sites. In addition, due to the popularity of such lists, they are often distributed free of charge or created through automatic account generators.
After encrypting the victim’s files, Chaos adds four random characters or numbers as an extension to the encrypted files. For decrypting the data, the ransomware demands a ransom in the amount of 2000 yen (for example, $ 17.56), and the money must be provided in the form of prepaid cards.
Experts warn that Chaos is configured to search infected systems for files of various types, less than 2 MB in size. If the file size exceeds 2 MB, then random bytes will be inserted into the files, which will make them unrecoverable, even the victim will pay the ransom to the hackers. It is unclear whether the creators of Chaos deliberately incorporated such functionality into their ransomware in an attempt to permanently damage the files of victims, or it was a mistake.
Catch up on more stories here
Follow us on Facebook here