A new ransomware has come forth in taking the unusual selling approach for selling on the gaming platform, Roblox, its decryptor making use of the in-game currency, Robux. 

Roblox is a popular gaming platform online where gamers design their games, monetizing them by selling the game passes. This offers access to in-game items, enhanced features, and special access. Gamers use Robux, the in-game currency to buy these Game Passes. 

Selling the Decryptors in Roblox

MalwareHunterTeam, the security researcher discovered a new ransomware called “WannaFriendMe” that deceives the Ryuk Ransomware. In reality, however, it is Chaos Ransomware’s variant. 

A threat actor, in June 2021, started selling a Chaos ransomware builder, allowing wannabe criminals to make their ransomware infection with different features like encrypted files, and customized ransom notes, among other features. 

By its default, using the .ryuk extension, Chaos builder pretends to be Ryuk using it. 

What sets the WannaFriendMe ransomware apart from the rest is that instead of taking ransom payment in the form of crytopcurrency, victims are required to buy and use Robux to buy a decryptor from the Game Pass Store in Roblox. The ransom note gives the message of file encryption and the conditions. 

In Roblox Game Pass Store, when you visit the URL you’ll see the Ryuk Decrypter being sold by “iRazormind” for around 1,499 Robux, updated last on June 5th.

Chaos Ransomware variants may destroy the data as well other than just encrypting it. When encrypting, a file larger than 2MB is not encrypted but rather overwritten using random data. So, purchasing a decryptor only recovers files lower than 2MB. 

Roblox had told BleepingCompuer that the decrypter account and Game Pass were removed safely for safety purposes. 

While it remains unclear how the ransomware is spread and how it attacks, its destruction, and targets, it may lead to damage. Nevertheless, this isn’t the first Chaos ransomware variant that targets gamers,

Threat actors had targeted the Japanese Minecraft players using “alt lists” that contained stolen Minecraft accounts.

For more, stay updated with the latest Roblox information.