Roblox gaming platform leveraged by threat actors to sell decryptors

June 16, 2022

A new ransomware operation has been found using a unique method of selling its decryptors: through Roblox, a gaming platform with its own in-game currency, Robux.

Roblox is a game designed for kids, and one of its features is that it allows its members to develop their own games and monetise them by selling ‘Game Passes.’ These game passes give users several helpful features, such as special access, enhanced tools, and in-game items.

However, members must purchase the in-game currency Robux to pay for the game passes.

Roblox becomes a marketplace for a decryptor

According to a cybersecurity researcher, a new ransomware dubbed WannaFriendMe impersonates a big-time malicious threat group known as Ryuk and sells its decryptors on the Roblox platform. However, the wannabe Ryuk variant is just a strain of Chaos ransomware.

In June last year, a malicious entity started to offer a Chaos ransomware builder that enabled amateur hackers to develop their own ransomware infection with modified ransom notes. The builder also provided tools such as file extensions, botnets, and other functions.

Moreover, the Chaos variant that pretends to be the Ryuk ransomware only uses the [.]ryuk extension for encrypted files to make its attacks more believable.

The interesting part of WannaFriendMe ransomware is that it encourages its victims to purchase a decryptor from the Roblox platform instead of demanding cryptocurrency as a ransom payment.

Unfortunately for the victims, most of the Chaos ransomware strains have a higher chance of data mutilation than data retrieval. Additionally, encryption is capped at two megabytes per file. A file whose size exceeds that cap is overwritten with random data instead of being encrypted. This detail implies that even if a victim gets a decryptor, they will only recover files smaller than 2MB.

Cybersecurity experts have yet to find the true purpose of this ransomware. However, its destructive capabilities should be addressed by researchers soon, as young gamers will experience the impact of this threat.
