Minecraft cheaters in Japan are being hit with some instant karma, according to cybersecurity outfit Fortinet. Wannabe hackers are being targeted by data-destroying ransomware that masquerades as a list of stolen Minecraft accounts.
Such a list is theoretically attractive to players who want to anonymize themselves to keep their main accounts from catching bans, most obviously to get away with cheating, griefing, and other bad behavior. While it's unclear how many Japanese Minecraft players have fallen for the ransomware trap, Fortinet has detailed what the attack does.
According to Fortinet, the ransomware temporarily corrupts files smaller than 2 MB until the victim has paid 2,000 yen (about $17) to rescue them. But it doesn't give the victims a chance to save everything. When they open the executable, any files that are larger than 2 MB and have a variety of extension types (a list can be found on Fortinet's site) are filled with random bytes that permanently destroy them. It deletes any Windows backup copies of the files so you can't simply restore them either. It also plasters a ransom note on the user's wallpaper. The only thing it doesn't do is take any of your data. How considerate.
The attacker demands prepaid cards for online shopping, gaming, music, mobile phones, and streaming services as payment. The best bit is that, according to Fortinet, the ransom note says that the attacker is "available only on Saturdays and apologizes for any inconvenience caused." Even if the victim pays the fee, only the files smaller than 2 MB can be restored.
The ransomware is a variant of the Chaos ransomware that's been making the rounds since June. Other variants of the Chaos ransomware were found to infect all of a system's hard drives as well as disable Windows recovery mode entirely.
As always, whether you're trying to cheat at Minecraft or otherwise, downloading and running executables from sketchy sources is a bad idea. (But don't try to cheat at Minecraft, either.)