This ransomware forces you to sign up for Roblox to get your files back


The creators of a new ransomware have taken a new approach to how victims pay to regain access to their locked files.

While ransomware gangs normally make victims pay cryptocurrency to unlock their files after an attack, security researcher MalwareHunterTeam discovered a new ransomware named “WannaFriendMe” that makes them pay in Roblox’s in-game currency, Robux.

Although WannaFriendMe poses as the notorious Ryuk ransomware, it is actually a variant of Chaos ransomware, according to BleepingComputer.

Setting up a crypto wallet and recovering files after a ransomware attack can be a daunting process for those less technically inclined, and signing up, downloading, installing, and purchasing in-game currency in Roblox will likely prove challenging for many too.

Chaos ransomware generator

In June last year, a cybercriminal started selling a ransomware generator called Chaos on an underground hacking forum. It allows others to create their own ransomware with personalized ransom notes, encrypted file extensions and other features.

Since its release, there have been four versions of the Chaos ransomware generator, and the latest version (4.0) gives an attacker the ability to add their own filename extensions to encrypted files as well as change the desktop background on infected machines, according to a blog post from Trend Micro.

The main problem with Chaos ransomware variants is that, unlike other ransomware strains, they not only encrypt a victim’s data, but also destroy it in many cases. This is because files larger than 2MB are overwritten with random data instead of being encrypted. Therefore, those who purchase a decryptor for WannaFriendMe or other Chaos ransomware variants will only be able to recover Word documents and other smaller files.

Selling ransomware decryptors on Roblox’s Game Pass store


If your PC is infected with WannaFriendMe ransomware, you will need to turn to Roblox to recover your files.

In the ransom note left on victims’ machines, the creators of this new strain of ransomware explain how to purchase their decryptor from the Roblox GamePass store, saying:

“Don’t panic, your files are decryptable, but your files can only be decrypted with our own decryption tool! To get this decryptor, you need to buy this gamepass. You need a Roblox account to buy the gamepass, buy 1700 Robux then buy the gamepass above.”

Once a victim has purchased the GamePass in question, they must then email the attacker and attach a screenshot of the GamePass in their inventory to gain access to the decryptor. However, as we mentioned above, the decryptor is unable to unlock files larger than 2MB, so it might not even be worth it because 1700 Robux costs $19.99 at the time of writing.

As BleepingComputer points out, another Chaos ransomware variant was used in October last year to target Minecraft gamers in Japan using fake alt lists promoted on gaming forums.

How to avoid falling victim to ransomware, malware and other viruses

Just like with malware and other computer viruses, clicking on strange links or email attachments can lead to a ransomware infection. This is why you should always carefully review the full URL of any suspicious links before clicking on them to ensure there are no misspellings or other red flags.

Backing up your data regularly is another important step when it comes to fighting ransomware. If you already have another copy of your important files stored on an external hard drive or cloud backup service, you won’t be tempted to pay cyber criminals to decrypt your files. Likewise, even if you pay, there is no guarantee that your files will be unlocked.

Installing anti-virus software on your computers can also be a huge help, as suspected or known malicious files will be flagged by a company’s anti-virus engine so you know not to click on them.

