thetechxp is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.

This ransomware requires Roblox registration to decrypt data

Advertisements

Roblox is being used by cybercriminals to sell ransomware decryptors.

When it comes to paying the ransom, the designers of a new ransomware virus have adopted an innovative method.

Typically, victims of ransomware attacks are asked to pay in bitcoin to release their data, however MalwareHunterTeam has identified a new ransomware called “WannaFriendMe” that requires them pay in Roblox’s in-game currency Robux.

Advertisements

It’s not the Ryuk ransomware that WannaFriendMe mimics, but rather a kind of the Chaos malware, according to BleepingComputer (opens in new tab).

Some may find it difficult to set up a crypto wallet to retrieve files after being encrypted by ransomware, while many others may find it difficult to register with Roblox and purchase in-game cash.

Chaos ransomware builder

On a dark web hacking site in June of last year, a cybercriminal started selling a ransomware function Object() { [native code] } named “Chaos.” Custom ransom notes, encrypted file extensions, and other features can be added by others.

Advertisements

There have been four iterations of the Chaos ransomware builder since its initial release, and the most recent (4.0) allows an attacker to add their own filename extensions to encrypted files and change the desktop wallpaper on infected machines, according to a blog post from Trend Micro(opens in new tab).

While most ransomware strains merely encrypt victims’ data, Chaos ransomware variations often destroy it as well. This is the fundamental concern with Chaos ransomware variants. Files exceeding 2MB are overwritten with random data instead of being encrypted due of this. WannaFriendMe and other variations of the Chaos ransomware will only allow individuals who pay a decryptor to retrieve Word documents and other smaller data.

The WannaFriendMe ransomware will need you to use Roblox to recover your files if your PC is compromised.

Advertisements

To get their decryption key, the hackers behind this new ransomware outbreak tell victims in a ransom note that they may do so through the Roblox GamePass shop.

Be calm, your files can be decrypted—but only with our special decryption tool! You’ll need to purchase this gamepass in order to obtain access to the decrypter. Purchase 1700 Robux and then the game pass above if you don’t already have a Roblox account.”

The decryptor can only be obtained by sending an email to the attacker with a screenshot of the GamePass in question attached. As we previously stated, the decryptor is only capable of unlocking files less than 2MB, thus it may not be worth the $19.99 price tag for 1700 Robux.

Advertisements

Last year, another Chaos ransomware strain was used to target Minecraft users in Japan by distributing bogus alt lists on gaming sites, according to BleepingComputer(opens in new tab).

Learn how to avoid being a victim of ransomware and other types of malicious software.
Ransomware infections may be spread by clicking on suspicious websites or email attachments, just like other computer viruses. Hence, before clicking on any suspicious links, make sure to check the complete URL for any spelling mistakes or other red flags.

When it comes to dealing with ransomware, regular data backups are an essential part of the solution. An external hard drive or cloud storage service can help prevent you from paying thieves to decrypt your files since they already have a backup copy. When it comes to paying to unlock your data, there are no promises that they’ll be unlocked.

Advertisements

If you have anti-virus software installed on your computer, you’ll be alerted to suspicious or known dangerous files so that you may avoid them.

Leave a Comment