Reading Time: 5 minutes

The multi-platform game Fortnite has become a fixture in popular culture over the last few years, with hundreds of millions of people playing the battle royal competition on a regular basis. [1] The game has also created a boost in the e-sports market, as the best Fortnite players in the world are now making a career out of professional gaming.

But like with any popular technology, there will always be nefarious individuals looking to profit from unsuspecting consumers. Since the early days of the internet, cyber attackers have targeted the applications or platforms that had the widest user base and now Fortnite players are experiencing that pain.

In this article we’ll examine the latest form of cyberattack that is hitting the Fortnite community and provide tips for recovering from this malware and avoiding it in the future.

Malware by Deception
The cyberattack being targeted at Fortnite players is a type of ransomware which involves a cyber attacker locking or encrypting all the data on your computer and then displaying a message on-screen that demands a cash or Bitcoin payment. [2] In theory, if you submit the payment as requested, then the cyber attacker will remove the lock on your files.

Fortnite players are being tricked into installing this malware because of it being marketed as a cheat pack. Cyber attackers are posting download links across the web and telling Fortnite players that installing the package will give them an auto-aiming tool and the option to discover other users on the game map.

In reality, the fake cheat pack is actually a well-known ransomware ransomware encrypting agent known as Syrk. [3] When installed, the malware automatically disables your computer’s security features and then loops through your entire local hard drive to make it impossible to open any files. As of now, the Syrk virus that is affecting Fortnite players is specific to the Windows operating system. Players on console platforms do not have to be as concerned about it.

Recovering from an Attack

When you first detect that your computer has become infected with ransomware due to a malicious Fortnite package, it’s important to act quickly. First, disconnect your computer from the rest of your local network. Otherwise there is a chance that the virus could spread to other devices.

The good news about the Syrk form of ransomware is that it’s based on a piece of open-source software. As a result, many countermeasures have been developed and are available for public use. [4] The easiest solution is to search for a file called “-pw+.txt” or “+dp-.txt” in your local Windows folder. The decryption key is stored there and can be entered on the ransomware screen to remove the virus.

If you are unable to reverse the encryption of the Syrk virus, then the remaining approach is to wipe the local hard drive entirely and revert to a recent backup. This underlines the importance of capturing secured snapshots of your data on a regular basis so that no files are lost in case of a ransomware attack. [5]

How to Stay Safe
Education is the most critical factor when it comes to staying safe online, especially for children and teens who spend countless hours on devices playing games like Fortnite. [6] If they do not know about the threat of ransomware and how to identify a suspicious piece of software, then they become extremely vulnerable to cyberattacks.

The brilliant part of this style of attack is that it works because of the nature of the bait offered – ways to cheat at Fortnite. No matter how diligently you may fortify your security measures against the latest in malware, no matter how many steps you may have taken to ensure your online anonymity, none of that matters if you can’t resist clicking that tempting ransomware download link. [7] By doing that, you invite the bad guys right past every defensive measure.

Purchases and downloads for Fortnite should be made directly through the game’s main application. Players need to watch out for advertising pop-ups and email phishing scams that claim to offer bonuses or cheat codes. Before clicking on any link, check the URL it is pointing to and watch out for any domain that is not registered to the Fortnite developers.

Every computer in your home that connects to the internet should be set up with reliable antivirus software that scans your system on a regular basis and checks for definition updates. To make things more secure, consider adding a firewall to your network that will scan all traffic and block malicious software such as the Syrk virus. [8]

Other Targets of Ransomware
In recent years, ransomware has become one of the most popular strategies for cybercriminals across various industries and organizations. In a typical Fortnite attack, the cyber attacker has to pinpoint individual users. But in a corporate or government setting, all it takes is one employee who accidentally installs the malware and the entire office at risk. [9]

In particular, cyber attackers may look to launch social engineering attacks against local governments and healthcare providers. [10] Depending on the technological maturity of these organizations and their networks, there may be access loopholes that make it easy to spread ransomware. And because of the sensitive nature of their data repositories, cyber attackers can extort more money from them than a single Fortnite player who mows lawns after school.

Cybersecurity experts all agree that organizations should avoid paying ransoms to cyber attackers whenever possible. Simply put, there is no guarantee that the criminals behind an attack will ever release the encrypted files. Maintaining a disaster recovery (DR) plan can help you prepare for this type of situation and be ready to react appropriately. [11]

Final Thoughts

Cybercriminals are always looking for large groups of people on the internet who might be susceptible to attack. Sudden growth in a video game like Fortnite represents the exact opportunity that cyber attackers are after. It should be no surprise that ransomware viruses are now being designed to look like Fortnite add-ons and cheat packages.

Most of the Fortnite-based ransomware that has been discovered to date uses the Syrk form of malware, which can wreak havoc on the Windows operating system and bypass many of the security tools you have in place. The virus will essentially hold your local hard drive hostage in exchange for payment. All online gamers need to be aware of the ransomware threat and stay alert for suspicious links or downloadable files.

About the Author

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with an emphasis on technology trends in cyber warfare, cyber defense, and cryptography.

Disclaimer: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of EC-Council.