By Shunichi Imano and Fred Gutierrez | October 28, 2021
FortiGuard Labs Threat Research Report
Affected Platforms: Windows
Impacted Parties: Japanese Minecraft Gamers
Impact: Potential loss of files and money due to file encryption and destruction and paying ransom
Severity Level: Medium
Minecraft is one of the most popular digital games in the world. It was originally released in May 2009 by Swedish game developer Mojang Studios, which was acquired by Microsoft in 2014 for US $2.5 billon. Initially released for the Windows, Mac, and Linux platforms, the game is now available on 22 platforms including video game consoles and mobile devices, including Android and iOS. As its gaming population has steadily grown, reaching more than 140 million monthly active players in August 2021, Minecraft has never been more popular 12 years after its initial release. Evidently, cybercriminals cannot pass up the opportunity to target such a large userbase.
FortiGuard Labs recently discovered a variant of the Chaos ransomware that appears to target Minecraft gamers in Japan. This variant not only encrypts certain files but also destroys others, rendering them unrecoverable. If gamers fall prey to the attack, choosing to pay the ransom may still lead to a loss of data. In this report we will take a look at how this new ransomware variant works.
