Enlisted
Image: Cyble

Hackers infect Russian-speaking gamers with fake WannaCry ransomware

Researchers have uncovered a phishing campaign targeting Russian-speaking players of Enlisted, a multiplayer first-person shooter.

The hackers used a fake website that closely resembles the official Enlisted webpage to distribute ransomware, according to a report published this week by cybersecurity firm Cyble.

While researchers haven't attributed this attack to any particular group, they believe that the campaign is connected to the ongoing war between Russia and Ukraine.

Enlisted is a free-to-play game that takes place during World War II and revolves around major battles fought across all war fronts. The game was published by Russia-founded company Gaijin Entertainment in 2021 and has between 500,000 and a million active monthly players.

The fake Enlisted website hosts a legitimate game installer and ransomware that mimics the infamous WannaCry cryptoworm, purportedly created by the North Korean hacking group Lazarus.

The ransomware has adopted the name WannaCry 3.0 and used the wncry file extension for encrypting files, although it is not a genuine variant of WannaCry.

The malicious software distributed by cybercriminals through Enlisted is a customized variant of open-source ransomware known as Crypter. It is designed for Windows systems and coded in Python.

Once inside the victim's system, WannaCry 3.0 encrypts the files and displays a ransom note saying that documents, videos, images, and other computer files cannot be unlocked without the decryption key.

The ransomware note provides instructions on how to contact the hackers through Telegram to negotiate the decryption fee and also includes a warning about the payment deadline and features a button to access the list of encrypted files.

WannaCry ransom.jpg
A ransomware note with instructions from hackers using malicious fakes of Enlisted. Source: Cyble

Lastly, WannaCry 3.0 changes the desktop background image to remind victims to follow the instructions.

Threat actors frequently target popular games to reach a larger pool of potential victims, according to Cyble. While searching for free or pirated games, some gamers disregard security measures and unknowingly download malicious software onto their systems, the researchers said.

In January, for example, cybercriminals devised scams around The Last of Us, hoping to attract players who anticipated the release of the TV series of the same name on HBO.

Prior to release of the show, fraudsters distributed malware disguised as a download of the game for PC and offered a malicious version for PlayStation.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.