MCNB Ransomware
MCNB is a threatening malware classified as ransomware. The MCNB Ransomware aims to infect the victim's computer and then encrypt the data stored there with a strong cryptographic algorithm. Afterward, most ransomware threats create a file containing the demands of the cybercriminals responsible for unleashing them. Typically, the hackers want to receive a monetary payment in one of the popular cryptocurrencies. It seems that the MCNB Ransomware is mainly geared towards attacking Chinese citizens because its ransom note is written in Chinese entirely, without any translations to other languages.
When it encrypts a file, the threat marks it by appending '.MCNB' to that file's original name. Then, it creates two ransom notes on the compromised system. One is contained inside a text file named '@readme@.txt,' while the other will be displayed in a pop-up window generated from a '@RecoveryYourFiles@.exe' file.
The Peculiar Demands Leave Victims Confused
A rough translation of both notes reveals that they are practically identical. However, the apparent demands of the hackers behind the MCNB Ransomware, are beyond strange. Usually, the note urges victims to send a ransom payment to a provided crypto-wallet address. However, MCNB's ransom note lacks any mention of such details. Instead, the attackers tell their victims that to start the process to get their data back, they have to click on the 'Decrypt' button in the pop-up window. Doing so opens the official website of the extremely popular video game Minecraft. The next demand of the hackers is for the victims to buy the Java edition of the game and then send proof of the purchase.
The weird demands do not stop there, though. MCNB continues with the strangeness by asking all affected users to remove the Mini World video game from their devices and delete any posts about it from their social media accounts.
Currently, it cannot be determined if these are the legitimate goals of the criminals behind MCNB Ransomware. It is entirely possible that the ransom note is just a placeholder used during the testing period of the threat.
