Minecraft cheaters attempt to steal accounts, download ransomware instead

Minecraft cheaters in Japan are stricken with instant karma, cybersecurity agency says Fortinet. Aspiring hackers are being targeted by data-destroying ransomware that masquerades as a list of stolen Minecraft accounts.

Such a list is theoretically appealing to players who wish to anonymize themselves to prevent their main accounts from getting bans, most obviously to escape cheating, grief and other bad behavior. While it’s not clear how many Japanese Minecraft players fell for the ransomware, Fortinet has detailed what the attack does.

According to Fortinet, the ransomware temporarily corrupts files smaller than 2MB until the victim pays 2,000 yen (about $ 17) to save them. But that doesn’t give victims a chance to save everything. When they open the executable, all files larger than 2MB and having various types of extension (a list can be found on the Fortinet site) are filled with random bytes which destroy them permanently. It removes all Windows backup copies of the files so that you can’t just restore them either. It also places a ransom note on the user’s wallpaper. The only thing it doesn’t do is take your data. What a consideration.

The attacker demands prepaid cards for online purchases, games, music, cell phones and streaming services as a means of payment. Best of all, according to Fortinet, the ransom note says the attacker is “only available on Saturdays and apologizes for the inconvenience.” Even if the victim pays the costs, only files smaller than 2MB can be restored.

Ransomware is a variant of Chaos ransomware which has been around since June. Other variants of Chaos ransomware infect all hard drives on a system and completely disable Windows Recovery Mode.

As always, whether you’re trying to cheat on Minecraft or otherwise, downloading and running executables from sketchy sources is a bad idea. (But don’t try to cheat on Minecraft either.)

Comments are closed.