MC Ransomware

The MC Ransomware is also referred to as the Minecraft Ransomware because it requires the victims to play the popular video game Minecraft to remove the MC Ransomware lock screen from their computers. The MC Ransomware has many elements in common with the PUBG Ransomware, a ransomware threat first observed in early April 2018. The MC Ransomware's purpose is to force computer users to play Minecraft, a popular video game published by Mojang and Microsoft. The MC Ransomware does not encrypt the victims' data, despite the fact that it claims to do so. The MC Ransomware displays a ransomware window, a sort of lock screen that will remain on the victims' computers until the victims load Minecraft onto their computers.

How the MC Ransomware Attack Works

The MC Ransomware was first observed on April 18, 2018. PC security researchers have been studying a copy of the MC Ransomware that does not include an encryption component. However, it is possible that newer versions of the MC Ransomware will be capable of encrypting the victim's files. Most of these threats function by taking the victims' files hostage. To do so, threats like the MC Ransomware will use the AES encryption, or other advanced forms of encryption, to take the victim's files hostage, making them inaccessible to anyone that does not have the decryption key. These threats will target the user-generated files in their attacks, which may include the following file types:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

These attacks will avoid encrypting the Windows system files and applications since they require the victims' computers to remain functional so that the victims can read a ransom note or pay a ransom using their Web browser. The MC Ransomware and similar threats are delivered using spam email messages with corrupted file attachments, which may take the form of DOC, DOCX, or PDF files with compromised, embedded macros that download and install threats like the MC Ransomware when they are opened. Social engineering techniques may be used to convince the victim to download the damaged file attachment.

What Happens When the MC Ransomware is Installed on a PC

After the MC Ransomware being installed, the MC Ransomware displays a program window with the title 'MC Ransomware // made by NATroutter (NATroutter.net || BeaverSquad.net),' which includes an image of a building created in Minecraft and the message 'Status: Waiting for Minecraft.' This program window will remain on the victim's computer until the victim loads Minecraft. Although the MC Ransomware seems harmless, it would be trivial for the con artists to modify the MC Ransomware so that it demands a large amount of money rather than needing the victim to play a video game. Furthermore, it is not unlikely that updated versions of the MC Ransomware that use effective encryption techniques may be released to carry out attacks on victims. In fact, there are already various threatening programs active already that carry out these attacks on their victims. Because of this, it is crucial to take precautions to prevent these attacks.

SpyHunter Detects & Remove MC Ransomware