A phishing page that spoofs the website of the popular video game Enlisted is being used to spread ransomware, according to a report by Cyble’s Research and Intelligence Labs (CRIL).
The ransomware attack targeting Russian-speaking gamers takes advantage of the ban on many first-person shooter games in the country. Enlisted is a multiplayer tactical game available for free.
While the threat actors behind the attack are trying to pass off their ransomware as a variant of the notorious WannaCry malware — even naming it “WannaCry 3.0” — Cyble said it is a version of the open-source, Python-based Crypter malware.
“The ransomware has adopted the name ‘WannaCry 3.0’ and utilizes the ‘wncry’ file extension for encrypting files, although it is not a genuine variant of the WannaCry ransomware,” Cyble researchers said in a blog post.
Ransomware Disguised as Enlisted Game
When targets download and install Enlisted from the phishing site, they also get the WannaCry 3.0 ransomware which operates in the background, evading detection and encrypting their files. The attack is reminiscent of the WannaCry attacks in 2017, but there are some telltale differences.
Once the ransomware has identified and encrypted targeted files, a Graphical User Interface (GUI) pops up on the target’s device with the ransom note. The target’s desktop background is also changed to a ransom note.
Unlike typical WannaCry attacks, where victims are given a Bitcoin address and a secure chat link to communicate with the ransomware operators, the threat actors behind the WannaCry 3.0 attack use a Telegram bot to chat with victims.
This attack specifically targets Windows users. Cyble described the ransomware attack as “simple.”
“Given the targeted user base, there is speculation that the motivation behind its creation could be influenced by the ongoing Russia-Ukraine conflict,” the researchers noted.
Cyble told VPNOverview that the phishing campaign may not be as widespread as other similar campaigns. “The fact that the campaign focuses on a specific group, Russian-speaking gamers, suggests a narrower scope compared to broader attacks. However, it is important to note that the impact of a ransomware infection can still be significant for the victims who fall prey to it,” Cyble said in a statement.
Shielding Your System from Ransomware
Unlike other cybercrimes, ransomware provides instant financial gain for attackers. Ransomware attacks are becoming increasingly prevalent, posing a major threat to individuals and organizations.
According to global cybersecurity leader McAfee, ransomware can be delivered in several ways. One common method is via compromised websites or emails.
“Users should exercise caution when visiting unfamiliar or untrusted websites, especially those offering game downloads or updates. Phishing websites often mimic legitimate platforms to deceive users into downloading malicious files,” Cyble said.
To secure your system from ransomware, it’s crucial to understand how phishing attacks work and how to avoid falling prey. Also, only download software from official app stores and app developers’ websites, set your device to receive updates automatically and use a solid antivirus solution. Check out our article on the best virus scanners for our top picks.
