ランサムウェアは Roblox Game Pass ストアで復号化ツールを販売

Chaos builder

The MalwareHunterTeam has discovered a new ransomware sample built with the Chaos builder. マルウェア, ワナフレンドミーと呼ばれる, is remarkable because it offers to buy a Roblox game pass for the currency accepted on this online platform as a ransom.

The Roblox platform is very popular with children, who get the opportunity to create their games and monetize them by selling subscriptions (Game Pass). Such a pass, which gives the player special perks and benefits, can only be purchased with an in-game currency called Robux.

The WannaFriendMe ransom note says that the decryptor can be purchased by purchasing a Game Pass at the Roblox address provided. The purchase is possible only if you have an account on the platform, the issue price is 1700 Robux.

Ryuk Decrypter

その後, you should take a screenshot confirming the fulfillment of the condition, and send it along with the username to @icloud.com. Having visited the Roblox page indicated by the link, the BleepingComputer expert discovered that the decryptor for the pseudo-Ryuk has fallen in price and someone iRazormind is selling it.

SwiftSeek Chrome 拡張機能ウイルス

SwiftSeek 拡張ウイルス

私たちの研究者は最近 SwiftSeek に出会いました, 疑わしいサイトの定期チェック中に、誤解を招く Web ページによって宣伝されたインストーラーで見つかったブラウザ拡張機能. Browser hijackers like SwiftSeek change

音声ウイルス (.ファイルの声) ランサムウェア

VOICE ランサムウェア

Hlas ウイルスは、Windows PC を標的とする STOP/Djvu ランサムウェア ファミリの新しいメンバーです. ファイルを暗号化し、ファイルを追加することにより、重大な混乱を引き起こします。 “.声” 彼らの延長線上にある…

The newly minted ransomware also tries to impersonate its once-formidable brother Ryuk (appends the .ryuk extension to files), but it actually borrows the Chaos code. A malware builder based on Chaos has been on the underground market for a year now, and inexperienced virus writers are willing to use it to create custom variants, such as Onyx. 去年, one such iteration surfaced in attacks on the Minecraft gaming community.

Chaos infection is bad because paying the ransom does not guarantee the recovery of all data. This malware cannot encrypt files larger than 2 MB, it overwrites them so that it is no longer possible to return the contents. 結論は, it is worth noting that the idea of ​​using Roblox for extortion is not new: last year it was implemented by the operators of malware based on HiddenTear.

コメントを残す