Japanese Minecraft players have been given quite the shock, as a file posing as a list of alternative account details for cheaters turns out to actually be ransomware.
This was reported by Fortinet (thanks, PC Gamer) a few days ago (October 28): Minecraft players in Japan have been looking for, and downloading, what they think is a list of stolen account usernames and passwords. As it turned out, one such list was a “variant of Chaos ransomware” that is encrypting and destroying some files for those who download it.
These players are likely downloading what they think are account lists so they can protect their main accounts whilst they do things like use cheats, troll, and other actions that would generally lead to a ban.
According to Fortinet, exactly how the fake list is being distributed is currently a mystery, but the publication believes it is being advertised on Minecraft forums for Japanese players. The ransomware poses as a text file by using a text file icon, but when it is downloaded it attacks the files on the computer.
Any file under 2,117,152 bytes on the computer is encrypted, whilst any file over that size is filled with random bytes, so the downloader can never get those files back. This is classified as ransomware because, after the attack, a ReadMe text file asks the victim to pay with bitcoin or a pre-paid card.
Those infected with the ransomware can only get it sorted out on a Saturday, however, as Fortinet says the ransom note adds “that the attacker is available only on Saturdays and apologises for any inconvenience caused,” as they ask for 2,000 yen (approximately £12.91 or $17.62 USD).
If that wasn’t enough, the ransomware also changes the user’s desktop wallpaper to a black background with red text, with a message asking the impacted user to pay the ransom.