Once the payload is executed, it connects to a command-and-control (C2) server and disables Windows Defender and UAC through a registry tweak. It also monitors for Taskmgr, Procmon64 and ProcessHacker, which could interrupt its processes. At the same time, it starts using LimeUSB_Csharp.exe to infect USB drives if they exist.

“The next step is it will set a timed procedure to try and delete the encrypted files in the directories listed below, deleting the files every two hours in the following order: %userprofile%\Pictures, %userprofile%\Desktop and %userprofile%\Documents,” the researchers wrote.

“Combining game malware with ransomware was inevitable,” Chris Morales, head of security analytics at Vectra, told Threatpost. “Social engineering through online video games has been going on for some time. It is a large audience to target and an industry that is known to look for shortcuts. Malware posing as a hack tool is novel as it will not be validated by any app store and bypasses the normal security controls. This makes encrypting files using a game hack highly opportunistic and easy to execute.”

He added, “This ransomware is effectively cheating the cheater.”

The good news is that Cyren researchers found that it is possible both to decrypt the encrypted files and to recover those that were deleted.

“The file dh35s3h8d69s3b1k.exe is the Hidden-Cry decrypting tool, and can be found as one of the resources embedded in the main malware,” they explained. “Since the key used is already known, it can be used to create a PowerShell script based on the shared source of the Hidden-Cry decrypter. To do this, extract the embedded file dh35s3h8d69s3b1k.exe and execute the file in the infected machine. It will drop the necessary PowerShell script needed to decrypt the files.”

As for recovery, “One principal feature of the Hidden-Cry ransomware, as seen in the instructions shown, is the sense of urgency it creates in the victim by deleting files every two hours,” they wrote. “However, we believe it is possible for victims to recover deleted files, given the simple method used to delete the files.” Threatpost has asked for more details on that process and will update this post accordingly.

Fortnite has become a global phenomenon, claiming to have 250 million players (the Fortnite World Cup also just ended, offering a $30 million prize pool, which is indicative of its popularity).

Alex Guirakhoo, strategic intelligence analyst at Digital Shadows, told Threatpost that cybercriminals are always interested in the gaming world, and especially in those games with large, invested communities.

“The video game industry, and gamers in general, are lucrative targets for cybercriminals,” he said. “Gamers are attractive targets for this kind of attack as they likely have computers with powerful graphics cards, which are heavily sought after for cryptocurrency mining because of their performance. A lot of this builds on the wide media attention that popular games receive on social media and sites such as Twitch or YouTube.”
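The behaviour described above (Defender and UAC switched off through the registry, a USB spreader and a decrypter dropped as named files, and a two-hour deletion timer walking Pictures, Desktop and Documents) gives a responder a concrete triage checklist. The PowerShell below is an added example written for this page; it is not Cyren's tooling or the malware's own decrypter. The article does not say which registry values the payload changes, so the check assumes the two usual switches, DisableAntiSpyware under the Defender policy key and EnableLUA under the system policy key; the file names and target folders are taken from the article as quoted.

```powershell
# Added triage example (not Cyren's or Threatpost's code). Run from an elevated
# PowerShell on a machine suspected of having executed the fake cheat.
function Get-CheatMalwareTriage {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Windows Defender. The article says it is disabled "through a registry tweak";
    #    the value assumed here is the policy switch DisableAntiSpyware = 1. The live
    #    service state is cross-checked where the Defender module is available.
    $defPolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    if ($defPolicy -and $defPolicy.DisableAntiSpyware -eq 1) {
        $findings.Add('Defender: DisableAntiSpyware=1 under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender')
    }
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $mp = Get-MpComputerStatus
        if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender: real-time protection is off') }
    }

    # 2. UAC. Assumed value: EnableLUA = 0 turns UAC off (the standard switch).
    $sysPolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    if ($sysPolicy -and $sysPolicy.EnableLUA -eq 0) {
        $findings.Add('UAC: EnableLUA=0 under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System')
    }

    # 3. Files named in the article: the USB spreader and the embedded decrypter.
    #    Removable drives are searched too, because the malware copies to USB media.
    $names = @('LimeUSB_Csharp.exe', 'dh35s3h8d69s3b1k.exe')
    $roots = @($env:USERPROFILE, $env:TEMP, $env:ProgramData)
    $roots += Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
        ForEach-Object { $_.DeviceID + '\' }
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Recurse -File -Include $names -ErrorAction SilentlyContinue |
            ForEach-Object {
                $findings.Add("File: $($_.FullName) ($($_.Length) bytes, written $($_.LastWriteTime))")
            }
    }

    # 4. The deletion timer works through these folders in this order, every two hours.
    #    Counting what is left tells the responder how far the timer has already got.
    foreach ($folder in 'Pictures', 'Desktop', 'Documents') {
        $path = Join-Path $env:USERPROFILE $folder
        if (Test-Path $path) {
            $count = (Get-ChildItem -Path $path -Recurse -File -ErrorAction SilentlyContinue | Measure-Object).Count
            $findings.Add("Folder ${folder}: $count files remaining")
        }
    }
    return $findings
}

Get-CheatMalwareTriage | ForEach-Object { Write-Output $_ }
```

If the registry switches are set and either named file is present, isolate the host before anything else and image the disk before attempting recovery: the article's point that the deleted files are recoverable holds only while their clusters have not been reused, so rebooting, installing tools or letting the timer run another cycle all reduce what an undelete tool can get back. The block does not search for encrypted files because the article does not name the extension the ransomware appends.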