Roblox leveraged for new ransomware decryptor sale

MalwareHunterTeam discovered that the novel Chaos ransomware variant dubbed "WannaFriendMe," which spoofs Ryuk ransomware has been leveraging the Roblox gaming platform to sell its decryptor, according to BleepingComputer. WannaFriendMe, which appends the .ryuk extension on files that it encrypted, was discovered to have been sold since last June, with a ransom note requiring victims to use Robux to purchase the decryptor from Roblox's Game Pass store. Roblox user iRazormind has been selling the Ryuk Decrypter found after clicking on the link provided on the ransom note for 1,499 Robux. Chaos ransomware has been notorious for destroying systems' files that are larger than 2MB. However, uncertainties remain in the distribution and use of WannaFriendMe in attacks. The emergence of WannaFriendMe comes after Chaos ransomware had been used in attacks targeted at Japan-based Minecraft players. Fake Minecraft alt lists claimed to have stolen accounts have been used to facilitate device encryption with Chaos ransomware.