A new ransomware is selling its decryptor on the gaming platform Roblox using the service’s in-game currency, Robux.
Roblox is an online kids gaming platform that lets members create and monetize their own games by selling Game Passes. These passes provide various rewards, including special access, enhanced features and in-game items. These passes can only be purchased by an in-game currency called Robux.
Yesterday, security researchers, MalwareHunterTeam, found a new ransomware referred to as ‘WannaFriendMe’. This ransomware impersonates the notorious Ryuk Ransomware, but is a variant of the Chaos ransomware.
The Chaos ransomware builder, which began being sold by a threat actor in June 2021, allowed wannabe criminals the ability to create their own ransomware infection, along with customised ransom notes. The Chaos builder pretends to be Ryuk, using the .ryuk extension.
Typically, Chaos builders destroy your data, as opposed to just encrypting files.
Instead of demanding cryptocurrency as a ransom payment, the WannaFriendMe ransomware requires its victims to purchase a decryptor from the Roblox Game Pass Store using Robux. The ‘Ryuk Decrypter’ is being sold for 1,499 Robux by a user named ‘iRazormind’. It was last updated on 5th June 2022.
Only files greater than 2MB in size will be overwritten and not encrypted. Therefore, even if you buy a decryptor, only files smaller than 2MB can be restored.
It is currently unclear how this ransomware is being distributed.