Posted on August 22, 2019 at 6:19 PM
The Fortnite gaming community has been warned. A malicious hack is tricking users into thinking that it may help them win, but instead they stand to lose valuable data and information because of disguised ransomware.
There are more than 250 million registered players in Fortnite, which has truly achieved the “successful” label. However, the community also has criminals taking advantage of users and their competitive nature.
If You Cheat, You’ll Get Syrk
Researchers and specialists at Cyren discovered the hack, which is supposed to act as an aimbot cheat that gives players an advantage when disposing of opponents. It is in fact ransomware: Syrk, as it is dubbed, runs the “SydneyFortniteHacks.exe” file and wants to kidnap players’ folders to force them into paying a ransom.
Cyren specialists Maharlito Aquino and Kervin Alintanahin explained a little bit more about the ransomware, saying that they believe it is being distributed through an upload to a sharing site, with the link being posted in forums and discussion threads by the players themselves.
The hackers behind the Syrk pseudonym aren’t only disguising the malware as a hack to cheat in Fortnite; they are also hiding another ransomware, Hidden-Cry, as a renewed weapon.
The Fortnite ransomware will appear on gamers’ screens if they download the alleged aimbot game hack. They will obtain a big, 12 MB executable file with various other files embedded within.
After the user starts downloading the file, it will connect to a command-and-control server and use a Windows registry trick to deactivate Windows Defender and User Account Control (UAC). The Task Manager, which has the potential to halt the malware’s progress, will be closely monitored by the powerful Syrk.
After that, things get even uglier. Syrk will start encrypting the user’s files, including pictures, videos, crucial documents, music, and other types of archives and folders. If the process goes according to the hackers’ plan, the files will show a .syrk extension.
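A read-only triage check for the behaviour described above, as an added example that is not from Cyren or the original article: it reports whether Windows Defender or UAC has been switched off through the registry and counts files with the .syrk extension in the Pictures, Desktop and Documents folders. The registry paths are the standard Windows policy locations and are an assumption here, since the article does not name the keys Syrk changes; `Get-PolicyValue` and `Test-SyrkIndicators` are hypothetical helper names.

```powershell
# Added triage example (not Cyren's tooling). Read-only: it changes nothing.
# Assumption: the registry values below are the standard Windows policy
# settings for Defender and UAC; the article does not name the keys Syrk edits.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (the Windows default).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-SyrkIndicators {
    param([string]$ProfileRoot = $env:USERPROFILE)
    $findings = @()

    # 1. Defender switched off by policy (DisableAntiSpyware = 1).
    $defender = Get-PolicyValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware'
    if ($defender -eq 1) { $findings += 'Windows Defender disabled by policy' }

    # 2. UAC switched off (EnableLUA = 0; 1 or absent means enabled).
    $uac = Get-PolicyValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    if ($null -ne $uac -and $uac -eq 0) { $findings += 'User Account Control disabled' }

    # 3. Files carrying the .syrk extension in the user folders the article names.
    foreach ($folder in 'Pictures', 'Desktop', 'Documents') {
        $path = Join-Path $ProfileRoot $folder
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $hits = @(Get-ChildItem -LiteralPath $path -Recurse -File -ErrorAction SilentlyContinue |
                  Where-Object { $_.Extension -eq '.syrk' })
        if ($hits.Count -gt 0) { $findings += "$($hits.Count) .syrk file(s) under $path" }
    }
    return $findings
}

# Wrap in @() so zero or one finding still behaves as an array.
$result = @(Test-SyrkIndicators)
if ($result.Count -eq 0) { 'No Syrk indicators found.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

A finding from the registry checks alone is not proof of Syrk, since other software or an administrator can set the same policy values.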
An Ugly Message
If the malware infection isn’t evident by that moment, it will be in a few seconds: the victim will now see a message on his or her screen asking for a specific ransom, along with an email address for the payment instructions.
A countdown is also displayed on the screen, starting at two hours and winding down. If the payment isn’t provided within that window of time, the ransomware will delete the “kidnapped” files and the pictures folder, and after that, it will do the same with the desktop and document folders.
However, there may be some light at the end of the tunnel. Since the source code of the Hidden-Cry ransomware has already been distributed in the online community, and it is the same code behind the Syrk pseudonym, the Cyren researchers firmly believe that the victims may be able to recover the deleted files.
Is There a Solution?
The specialists are considering two possible methods to recover or decrypt files with no need to pay a ransom for the required password. One is the decryption tool embedded in the download, which, per Cyren, can be used to develop a PowerShell script based on the shared source of the Hidden-Cry decrypter.
There may be another method: the ransomware leaves the decryption password files on the user’s device.
The primary takeaway of the whole Fortnite hack situation is very straightforward: cheating isn’t the right way to go.
This isn’t the first time that Fortnite has endured an episode in which online security seems so vulnerable. Although not its responsibility, the name of the game came to prominence when rival hacking groups were involved in a scandal that revealed thousands of private messages, many of which detailed how to hack Fortnite accounts.
Earlier this month, it was also revealed that Baldr, another malware, was being distributed in Fortnite cheat hacks linked in YouTube gaming videos.