The Fortnite gaming community has been warned. A malicious hack is tricking users into thinking that it may help them win, but instead they stand to lose valuable data and information because it is disguised ransomware.
There are more than 250 million registered
players in Fortnite, which has truly achieved the “successful” label.
However, the community also has criminals taking advantage of users and their
Researchers and specialists at Cyren were the ones who discovered the hack, which is supposed to act as an aimbot cheat that gives players an advantage when taking out opponents. It is in fact ransomware: Syrk, as it is dubbed, runs the “SydneyFortniteHacks.exe” file and holds players’ folders hostage to force them into paying a ransom.
Cyren specialists Maharlito Aquino and Kervin
Alintanahin explained a little bit more about the ransomware, saying that they
believe it is being distributed through an upload to a sharing site, with the
link being posted in forums and discussion threads by the players themselves.
The hackers behind the Syrk pseudonym aren’t only disguising malware as a hack to cheat in Fortnite; they are also hiding another ransomware, Hidden-Cry, as a renewed weapon.
The Fortnite ransomware will appear on the gamer’s screen if they download the alleged aimbot game hack. They will obtain a large, 12 MB executable file with various other files embedded within.
After the user starts downloading the file, it will connect to a command-and-control server and use a Windows registry trick to deactivate Windows Defender and User Account Control. The Task Manager, which has the potential to halt the malware’s progress, will be closely monitored by Syrk.
After that, things get even uglier. Syrk will
start encrypting the user’s files, including pictures, videos, crucial
documents, music, and other types of archives and folders. If the process goes
according to the hackers’ plan, the files will show a .syrk extension.
If the malware infection isn’t evident by that moment, it will be in a few seconds: the victim will now see a message on his or her screen demanding a specific ransom and giving an email address to contact for payment instructions.
A countdown is also displayed on the screen, starting at two hours and winding down. If the payment isn’t made within that window of time, the ransomware will delete the “kidnapped” files and the pictures folder, and after that, it will do the same with the desktop and document folders.
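
The symptoms described above (Defender and UAC switched off through the registry, files renamed with a .syrk extension in the pictures, desktop and document folders) can be checked with a short read-only triage script. This is an added example, not Cyren's tooling or code from the original article; the registry values are the standard Windows policy settings for Defender and UAC and are an assumption, since the article does not say which values Syrk changes.

```powershell
# Added triage example (assumption-based, read-only: it changes nothing).
# Assumed registry values: the standard Windows policy settings for
# Defender and UAC. The article does not name the values Syrk edits.
$checks = @(
    @{ Name    = 'Windows Defender disabled by policy'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
       Value   = 'DisableAntiSpyware'
       BadWhen = 1 },
    @{ Name    = 'User Account Control disabled'
       Path    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value   = 'EnableLUA'
       BadWhen = 0 }
)

$report = foreach ($c in $checks) {
    # A missing key or value means the setting is still at its default.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { $item.($c.Value) } else { $null }
    [pscustomobject]@{
        Check   = $c.Name
        Flagged = ($null -ne $current) -and ($current -eq $c.BadWhen)
        Detail  = if ($null -eq $current) { 'value not set' } else { "$($c.Value) = $current" }
    }
}

# Count files carrying the .syrk extension in the folders the article names.
$folders = 'MyPictures', 'Desktop', 'MyDocuments' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report += foreach ($f in $folders) {
    $hits = @(Get-ChildItem -LiteralPath $f -Recurse -File -Filter '*.syrk' -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Check   = "Files ending in .syrk under $f"
        Flagged = $hits.Count -gt 0
        Detail  = "$($hits.Count) file(s)"
    }
}

$report | Format-Table -AutoSize -Wrap
```

A flagged row is a reason to isolate the machine and investigate further, not proof of a Syrk infection on its own.
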
However, there may be some light at the end of the tunnel. Since the source code of the Hidden-Cry ransomware has already been distributed in the online community, and it is the same code behind the Syrk pseudonym, the Cyren researchers firmly believe that victims may be able to recover the deleted files.
The specialists are considering two possible methods to recover or decrypt files with no need to pay a ransom for the required password. One is the decryption tool embedded in the download, which, per Cyren, can be used to develop a PowerShell script based on the shared source of the Hidden-Cry decrypter.
There may be another method: the ransomware leaves the files containing the decryption password on the user’s device.
The primary takeaway of the whole Fortnite hack situation is very straightforward: cheating isn’t the right way to go.
This isn’t the first time that Fortnite has endured an episode in which online security seems so vulnerable. Although not its responsibility, the name of the game came to prominence when rival hacking groups were involved in a scandal that revealed thousands of private messages, many of which detailed how to hack Fortnite accounts.
Earlier this month, it was also revealed that Baldr, another piece of malware, was being distributed in Fortnite cheat hacks linked in YouTube gaming videos.