Minecraft cheaters try to steal accounts, download ransomware instead

Minecraft Villains
(Image credit: Mojang/Microsoft Studios)

Minecraft cheaters in Japan are being hit with some instant karma, according to cybersecurity outfit Fortinet. Wannabe hackers are being targeted by data-destroying ransomware that masquerades as a list of stolen Minecraft accounts. 

Such a list is theoretically attractive to players who want to anonymize themselves to keep their main accounts from catching bans, most obviously to get away with cheating, griefing, and other bad behavior. While it's unclear how many Japanese Minecraft players have fallen for the ransomware trap, Fortinet has detailed what the attack does.

Best of Minecraft

Minecraf 1.18 key art

(Image credit: Mojang)

Minecraft update: What's new?
Minecraft skins: New looks
Minecraft mods:  Beyond vanilla
Minecraft shaders: Spotlight
Minecraft seeds: Fresh new worlds
Minecraft texture packs: Pixelated
Minecraft servers: Online worlds
Minecraft commands: All cheats

According to Fortinet, the ransomware temporarily corrupts files smaller than 2 MB until the victim has paid 2,000 yen (about $17) to rescue them. But it doesn't give the victims a chance to save everything. When they open the executable, any files that are larger than 2 MB and have a variety of extension types (a list can be found on Fortinet's site) are filled with random bytes that permanently destroy them. It deletes any Windows backup copies of the files so you can't simply restore them either. It also plasters a ransom note on the user's wallpaper. The only thing it doesn't do is take any of your data. How considerate.

The attacker demands prepaid cards for online shopping, gaming, music, mobile phones, and streaming services as payment. The best bit is that, according to Fortinet, the ransom note says that the attacker is "available only on Saturdays and apologizes for any inconvenience caused." Even if the victim pays the fee, only the files smaller than 2 MB can be restored.

The ransomware is a variant of the Chaos ransomware that's been making the rounds since June. Other variants of the Chaos ransomware were found to infect all of a system's hard drives as well as disable Windows recovery mode entirely.

As always, whether you're trying to cheat at Minecraft or otherwise, downloading and running executables from sketchy sources is a bad idea. (But don't try to cheat at Minecraft, either.)

Associate Editor

Tyler has covered games, games culture, and hardware for over a decade before joining PC Gamer as Associate Editor. He's done in-depth reporting on communities and games as well as criticism for sites like Polygon, Wired, and Waypoint. He's interested in the weird and the fascinating when it comes to games, spending time probing for stories and talking to the people involved. Tyler loves sinking into games like Final Fantasy 14, Overwatch, and Dark Souls to see what makes them tick and pluck out the parts worth talking about. His goal is to talk about games the way they are: broken, beautiful, and bizarre.