For HomeFor BusinessFor Partners
Industry News
1 min read

Newly Discovered Ransomware Sells Decryptor in Roblox

Vlad CONSTANTINESCU

June 10, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Newly Discovered Ransomware Sells Decryptor in Roblox

Researchers discovered a seemingly new strain of ransomware that, atypically, sells its decryptor on the Roblox Game Pass Store in exchange for in-game Robux currency.

The ransomware dubbed ‘WannaFriendMe’ appears to be impersonating the infamous Ryuk ransomware but is, in fact, a Chaos ransomware derivative, according to security researcher MalwareHunterTeam.

Chaos ransomware has been around since June 2021, when perpetrators started selling its builder, letting cybercrooks design their own flavor of the ransomware. The builder included various tools that let threat actors customize ransom notes and file extensions, among other features. Left unmodified, Chaos mimicked Ryuk by using the same (.ryuk) extension for the files it encrypted.

The distinctive trait of WannaFriendMe ransomware is that it sells its decryptor in the Roblox Game Pass store and asks its victims to buy it with Robux, an in-game currency. Usually, ransomware victims are told to pay the ransom in cryptocurrency. The ransom note left by the threat actors can be read in its entirety below:

----- YOUR FILES HAVE BEEN ENCRYPTED! -----
Don't panic, your files are decryptable, But your files can only be decrypted with our own decrypter tool! To get this decrypter, you must buy this gamepass: https://www.roblox.com/game-pass/49955147/Ryuk-Decrypter
YOU MUST HAVE A ROBLOX ACCOUNT TO BUY THE GAMEPASS, BUY 1700 ROBUX AND THEN BUY THE GAMEPASS ABOVE.
AFTER BUYING THE GAMEPASS, CONTACT [email protected] WITH YOUR USERNAME AND SCREENSHOT OF YOU OWNING THE GAMEPASS. DO NOT DELETE THE GAMEPASS OTHERWISE YOU WILL DISOWN THE GAMEPASS.

Despite the perpetrators’ playful take on ransomware, Chaos variants hide a dark secret: they destroy files larger than 2 MBs in the process. During encryption, ransomware strains like WannaFriendMe overwrite files greater than 2 MBs with random data instead of encrypting them. This leaves victims in a tight spot, as they can’t recover files measuring 2 MBs or larger even if they do buy the decryptor.

tags

Industry News

Author

Vlad CONSTANTINESCU

Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

Right now Top posts

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide
Scam Spam

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide

April 19, 2024

5 min read
Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
Scam How to Tips and Tricks

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond

April 01, 2024

2 min read
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
Spam Industry News Threats

Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts

November 28, 2023

4 min read
Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting
Protecting Your Important How to Tips and Tricks

Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting

November 08, 2023

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

How to keep your Android device immune to malicious vaccine themed apps
Archive

How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine
Archive Industry News

Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands
Archive

Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read

Bookmarks

loader