Threat Watch

Fortnite-Based Ransomware

Because of the massive popularity of the game Fortnite, attackers are targeting its global community of over 250 million users. A new ransomware that calls itself “Syrk” lures users by posing as a game hack tool. Syrk is presented to players as an aimbot for aiming more accurately while playing and an ESP that reveals other players’ locations in the game. A user who downloads the supposed game hack is actually downloading ransomware that begins encrypting files and, if the ransom is left unpaid, begins deleting batches of files every two hours. The source code for Syrk comes from an older ransomware called Hidden-Cry. The Hidden-Cry source code is available on GitHub and has been for over a year. Instead of engineering completely new malware, attackers are finding old source code and changing it slightly to reuse it. Syrk is also capable of infecting any USB drives that happen to be connected to the user’s computer at the time of infection.

ANALYST NOTES

Secure backups of a computer’s files are the number one defense against any ransomware attack. Users can simply delete the infected files and replace them with clean backups. A victim who does not have clean backups can use the decrypter that has been published for the Hidden-Cry ransomware. Additionally, gamers who are offered free game hacks should immediately suspect them as malicious and avoid the cheat.