Cybercriminals are exploiting the popularity of the Minecraft game to infect gamers with the Chaos ransomware.

What has happened?

FortiGuard Labs researchers spotted targeted attacks on Japanese gamers’ Windows devices.
  • The attackers are using Chaos ransomware to encrypt certain files while also destroying others.
  • Destroying larger files may seem odd for ransomware, but Chaos was originally wiper malware; the encryption functionality was added later.
  • After hitting a target, the ransomware group asks for 2,000 yen ($17.56) worth of Bitcoin or prepaid cards.

How does it work?

To infect gamers, the attackers are promoting fake Minecraft alt (alternative accounts) lists on gaming forums, urging the potential victims to download and execute the files.
  • The file uses a text icon to fool potential victims into believing it contains a list of alternative accounts for the game, which players consider precious information.
  • Opening the file executes the malware. It searches for files smaller than 2,117,152 bytes, tries to encrypt them, and adds four random characters, chosen from ‘abcdefghijklmnopqrstuvwxyz1234567890’, to these smaller files.
  • Files (with certain specific extensions) that are larger than 2,117,152 bytes are filled with random bytes, making them unusable even if the ransom is paid.
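
An added example (not from the article or FortiGuard Labs) of triaging files after such an incident, separating those that were probably encrypted from those that were probably overwritten. It assumes the four characters are appended as a new final extension after the original one; the `MAGIC` table, the 7.5 entropy cutoff, the 64 KiB sample and all file names are illustrative choices.

```python
import hashlib, math, os, re, tempfile
from collections import Counter

THRESHOLD = 2_117_152                    # size cutoff reported in the article
SUFFIX = re.compile(r"[a-z0-9]{4}")      # alphabet reported in the article
# Assumption: small illustrative table of extension -> expected leading bytes.
MAGIC = {"pdf": b"%PDF", "png": b"\x89PNG", "jpg": b"\xff\xd8\xff",
         "zip": b"PK", "docx": b"PK", "xlsx": b"PK"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; random data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str) -> str:
    parts = os.path.basename(path).lower().split(".")
    # report.docx.k3x9: known extension followed by a 4-character suffix.
    # Requiring the inner extension avoids flagging plain .html or .json files.
    renamed = (len(parts) >= 3 and parts[-2] in MAGIC
               and parts[-1] not in MAGIC and bool(SUFFIX.fullmatch(parts[-1])))
    magic = MAGIC.get(parts[-2] if renamed else parts[-1])
    if magic and os.path.getsize(path) > THRESHOLD:
        with open(path, "rb") as fh:
            head = fh.read(65536)
        # Compressed formats are high-entropy too, so also require a broken header.
        if not head.startswith(magic) and entropy(head) > 7.5:
            return "suspect-overwritten"
    return "suspect-encrypted" if renamed else "ok"

def demo() -> dict:
    """Build constructed sample files in a temp dir and classify them."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    pad = b"\0" * (THRESHOLD + 1 - len(noise))
    samples = {"notes.docx.k3x9": b"constructed", "page.html": b"<html></html>",
               "wiped.zip": noise + pad, "wiped.pdf.x7q2": noise + pad,
               "intact.zip": b"PK" + noise + pad}
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(body)
            out[name] = classify(p)
    return out

if __name__ == "__main__":
    print(demo())
```

The labels are heuristics for prioritising restores from backup: "suspect-overwritten" files are the ones the article says stay unusable even if the ransom is paid.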

Additional insights

  • Like other ransomware, Chaos deletes shadow copies from infected machines.
  • The ransom note is written in Japanese and mentions that the attackers are only available on Saturdays. 
  • Furthermore, they issue an unconditional apology in the note to victims for any trouble caused by them.


The infection vector and attack capabilities of this Chaos variant are neither new nor innovative. However, its ability to destroy data and make it unusable for the victim makes it an awful threat. Gamers are advised to stay alert when offered such commodities on gaming forums.

Cyware Publisher