
MC Ransomware

Posted: April 26, 2018

The MC Ransomware is a Trojan that launches file-ransoming pop-ups asking you to play the Minecraft video game to restore your files. While current releases of the MC Ransomware have no features associated with locking or deleting data, malware experts anticipate future development that enables non-consensual encryption, which could convert the victim's files into formats that no longer open. Having remote backups can protect your digital media, and different anti-malware applications can delete the MC Ransomware at any stage of infection.

Your Files Could Be a Trojan's New Building Blocks

Threat actors operating at the Finnish domain of NATroutter.net are launching a series of potentially file-locking Trojans after drawing inspiration from the PUBG Ransomware campaign. These new Trojans, the MC Ransomware and the CS:GO Ransomware, both use similar, video game-based themes and triggers associated with monitoring the victim's playtime in those games. However, neither of them has any of the traditional file-locking or deleting features, as of April 26th.

Despite its limitations, malware experts are seeing numerous samples of the MC Ransomware being uploaded to central AV databases, making it likely that the threat actors are testing their code-obfuscating techniques to avoid detection. For now, the MC Ransomware's verifiable payload includes a pop-up that displays a screenshot from Mojang's Minecraft and a status line for monitoring whether or not the game is open. In theory, once it's complete, the MC Ransomware could record the user's playtime within Minecraft and provide a file-unlocking feature after a set number of hours.

Because of the MC Ransomware's in-development status, malware experts can only estimate its future features, which may include any of the following:

  • The MC Ransomware may rename your files or change their extensions (such as changing 'daisy.gif' to 'daisy.gif.locked').
  • The MC Ransomware may erase any local backups, such as the Windows Shadow Volume Copies.
  • The MC Ransomware may force its pop-up to maintain constant foreground focus and cover your desktop, which can prevent you from opening other programs or accessing the system's UI.

Crafting Your Way to Safe File Systems

For the Black Hat software industry, campaigns leveraging the brand of games like Minecraft are frequent occurrences and often involve threats other than file-locking ones like the MC Ransomware. Examples of both competing and disparate Trojans include the Nulltica Ransomware, the Nation Advanced Search Virus, or the Hidden Tear variant of the RansomMine Ransomware. The latter also may be inspiring the MC Ransomware due to its use of a similarly-structured payload that expects the user to start playing Minecraft to gain access to a file-restoring solution. Since there are always dangers with following even supposedly safe instructions from extortionists, malware experts recommend saving your files on secured backups, such as USB devices.

None of the samples of the MC Ransomware or its relative, the CS:GO Ransomware, offer any additional information on how they might be circulating. Future attacks could utilize Web-browsing threats like the RIG Exploit Kit, bundle Trojan droppers with illicit downloads, or conceal exploits inside of e-mail attachments. Update your anti-malware products to help them detect and delete the MC Ransomware accurately, without giving the Trojan any opportunity to encrypt or delete your data.

Being forced to open and use programs under the threat of losing digital possessions is no game. Even though the MC Ransomware may appear harmless, the precedent its campaign sets is one of ever-escalating greed for control by remote attackers.
