Open Source Ransomware Targets Fortnite Users (Aug 20, 2019)
A new ransomware targeting Fortnite users has been discovered on gaming forums. Named “Syrk”, the ransomware masquerades as a Fortnite cheat that allows players to increase accuracy and know the location of other users. Once the user downloads the file, the ransomware begins encrypting their files, deleting files every two hours in an attempt to create urgency for the victim. An alert appears on the infected machine informing the victim that the only way to retrieve their encrypted files is to pay the ransom; however, the files can be decrypted without paying the ransom. The Syrk ransomware is the same as the Hidden-Cry ransomware, an older ransomware that has already been analyzed, and methods for recovering and decrypting files already exist.
Recommendation: Ransomware is a continually evolving threat. It is paramount to have a comprehensive and tested backup solution in place. If a reproducible backup is not available, there may be a decryptor available that can assist in retrieving encrypted files. Additionally, educate your employees about the dangers of downloading applications that are not offered from the website of the official provider/developer.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.