Minecraft players hunting for ‘Alt Lists’ should avoid the practice as the Chaos Ransomware gang is actively targeting PCs running the popular game

Minecraft Chaos Ransomware Destroys Files
Ransomware is targeting gamers with weaponized Text files. Pic credit hobbymb/Flickr

Players who hunt for ‘Alt Lists’ to target other Minecraft gamers are now a potential target for new ransomware. The Chaos gang is encrypting Windows PCs running the insanely popular game, and even destroying locally stored files.

Ransomware operators are now actively going after the gaming community. Video game players, especially those playing Minecraft, are now at risk of losing access to their computers and files.

Chaos Ransomware gangs using weaponized ‘Alt List’ text files to deliver malware:

The video game industry is huge, and hence, a lucrative market, not just for developers and publishers. Malicious code writers regularly offer software that “enhances” a player’s abilities or simplifies gameplay.

It now appears ransomware gangs are exploiting the insane craze about Minecraft to make money by encrypting gamers’ computers. For now, PC gamers using Windows Operating System, and those playing Minecraft, are vulnerable.

Minecraft is a popular sandbox video game. More than 140 million people spend hours glued to their devices building cities, skyscrapers, monuments, communities, etc.

According to researchers at FortiGuard, the Chaos ransomware gang is testing a new variant of malware that targets Minecraft players. The malware encrypts the files of players and drops ransom notes asking money to send a decryption key.

Interestingly, the gang attempts to lure players with ‘Alt Lists’. These are essentially plaintext files that should contain stolen Minecraft account credentials. However, in reality, these files contain Chaos ransomware executable.

Alt Files are quite popular in the Minecraft community. Players who wish to troll other gamers without risking their own account, use the Alt Lists. Needless to mention, Minecraft creators and moderators are quick to ban offenders, and hence, the Alt Lists are quite popular.

Spare accounts in Alt Lists are in huge demand, and hence, the Chaos ransomware gang seems to be quite successful in infecting computers running the game.

Ransomware encrypts smaller files and destroys large ones?

The Chaos Ransomware gang’s encryption engine is pretty standard. After successfully infecting a Windows PC, the malware alters file extensions. The group is reportedly demanding 2,000 yen (approx. $17.56) in pre-paid cards.

The malware infecting the Windows PC hunts for files smaller than 2MB and encrypts them. Strangely, if a file is larger than 2MB, the malware injects random bytes into them. This makes larger files unreadable. Concerningly, the files are destroyed, and even the decryption engine fails to recover them.

It is not immediately clear why the Chaos Ransomware gang is destroying large files. Some experts suggest this could be unintentional. The encryption engine could be flawed due to hurried development and haphazard deployment.

It is, however, important to note that ransomware creators are now using Text files. Internet users often ignore the potential threats of such files, and hence, fall victims.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x