New Ransomware Targets Fortnite Players, Demands Payment in Crypto Author: Jimmy Aki Last Updated: 12 June 2020 Fortnite has a legitimate claim on the title of the world’s most popular online video game. With a global tournament and hundreds of millions of adoring fans, the game itself is a cash cow. However, the profitability of Fortnite also makes it a heavy target for criminals the world over. Now, a new piece of ransomware has been found that seems to target its players. According to several media reports, Syrk, an erstwhile unpopular computer ransomware, has been used by hackers to steal crypto assets from Fortnite players. Syrk is reportedly based on the Hidden Cry open-source program, a data encryptor that appeared online back in December 2018 and has been the underlying code to several malware applications over the past few months. In a report on the malware, researchers at IT security firm Cyren reported that Syrk primarily masquerades as a hack tool for Fortnite. The file appears as “SydneyFortniteHacks.exe,” and it begins encrypting files on the host computer’s hard drive (as well as any connected USB drives) as soon as it is run. When the process is done, the computer displays a prompt that all files will start getting deleted in a matter of hours if a laid out set of instructions aren’t followed. Victims have reported that attackers ask for ransoms to be paid in cryptocurrency. “The next step is it will set a timed procedure to try and delete the encrypted files in the directories listed below, deleting the files every two hours in the following order: %userprofile%\Pictures; %userprofile%\Desktop; and %userprofile%\Documents,” the researchers wrote. Speaking on the malware, Chris Morales, Head of Security Analytics at AI threat detection and response firm Vectra, claimed that the symbiosis of gaming and ransomware attacks has been a long time coming. He added that given the fact that millions of people play video games and most of them look for shortcuts to win, they have essentially become free fodder for attackers. “Malware posing as a hack tool is novel as it will not be validated by any app store and bypasses the normal security controls. This makes encrypting files using a game hack highly opportunistic and easy to execute.” However, while this is pretty glum, it is also worth noting that the ransomware is based on a popular attack vector, and its software is rather easy to circumvent. A victim can easily unlock their computers by checking out some text files on their drives. The files contain the passwords that could help shut the malware down before it deletes the files. It is possible that the attackers know this, hence the reason for the quick ultimatum on the ransomware’s actions. Threat messages usually claim that files will get deleted in a matter of hours, thus giving the victim little time to think of going online and asking for a solution. Most oblivious victims would very much transfer the ransoms from their Bitcoin wallets than risk losing their valuable files by searching for solutions. So, victims now have a way out, so there’s no need to dig into your cryptocurrency exchanges wallet just yet if you get attacked by Syrk.