Cybercriminals have set a trap for Fortnite gamers, creating a ransomware program that comes disguised as a cheat hack, but actually encrypts files and then deletes them every two hours unless the victim pays up.
The ransomware is named Syrk, but researchers at Cyren say in a blog post published this week that it is essentially the already established Hidden-Cry malware, only with a .Syrk extension. The source code for Hidden-Cry was published on GitHub in late 2018, meaning it is now widely available to would-be threat actors.
According to Cyren, Syrk pretends to be a tool that helps players aim weapons better and pinpoint the locations of other players. “We expect it to possibly be distributed via an upload to a sharing site and the link posted in Fortnite users in forums,” write threat analysts and blog post co-authors Maharlito Aquino and Kervin Alintanahin.
“You personal files are being encrypted by Syrk Malware. Your photos, videos, documents, etc…” states the extortion note, which instructs victims to contact an email address to submit payment. The note also prominently features a countdown timer. “At the first timer the files in the photo folder will be deleted. At the second timer the files in the desktop folder will be deleted. At the third timer the files in the document folder will be deleted,” the note threatens.
The ransomware also attempts to infect any USB drives connected to the affected machine.
There is good news, however: victims may be able to recover their files without making any payment. This is because the malware itself drops the Hidden-Cry decryption tool, as well as a file in which victims can find a decryption password. Cyren’s researchers explain where to look for these helpful tools in their blog post.