A ransomware campaign is targeting players of the popular video game Fortnite. Researchers at Cyren, who describe the campaign in detail in a blog post on the company website, identify the ransomware as “Syrk.” According to Cyren’s research, Syrk is actually a variant of the Hidden-Cry ransomware with an added .Syrk extension. Since Hidden-Cry is an open source ransomware found on GitHub, researchers were able to look at the code in depth. In short, once the file is executed, it goes through 10 steps that end in ransomware being dropped on the user’s device. (If you want to see the entire infection protocol in depth, go to the previously linked blog post.)
As Cyren points out, the Fortnite ransomware is especially spiteful, although there is a silver lining. Cyren believes files deleted by the ransomware can be recovered.
One principal feature of the Hidden-Cry ransomware is … the sense of urgency it creates in the victim by deleting files every two hours. However, we believe it is possible for victims to recover deleted files, given the simple method used to delete the files. We also provide instructions at the end to victims on two methods for decrypting files without paying to receive a password.
The threat actors behind Syrk are targeting Fortnite players who are looking to cheat via aimbotting. Aimbotting allows a player to automatically lock on to any rival player and even track their location through solid objects like walls. With Fortnite being a highly competitive game that has 250 million-plus players and is well known on the e-sports circuit, it is logical that some will resort to shady tactics to get an edge. In a twist of irony, the cheaters are getting cheated. The malicious aimbot program is being distributed both via upload sites that gamers use for illicit programs and via Fortnite forums. Just as they think they are getting an edge in their game, they instead find themselves dealing with mass encryption at the hands of Syrk.
If there’s a lesson here, it’s this: don’t cheat in Fortnite and, additionally, make sure you know the source of any program you download.