Markets
Share this article

New Crypto-Stealing Ransomware Targets Fortnite Players

A new ransomware masquerades as a Fortnite cheat and asks victims to pay up in crypto.

By John Biggs
Updated Dec 11, 2022, 7:48 p.m. Published Aug 26, 2019, 7:00 p.m.
shutterstock_1113538160

A new piece of ransomware called Syrk will encrypt files on your hard drive while deleting entire folders if the ransom is not paid. The malware is based on the open source Hidden-Cryhttps://github.com/thelinuxchoice/hidden-cry program, an encryptor that appeared online last December and has been the basis for many bits of malware over the past year.

fortnite_ransomware_01
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Image via Cyren

Home to some 250 million players, Fortnite users are a prime target for this kind of malware.

“Combining game malware with ransomware was inevitable,” said Chris Morales, head of security analytics at Vectra. “Social engineering through online video games has been going on for some time. It is a large audience to target and an industry that is known to look for shortcuts. Malware posing as a hack tool is novel as it will not be validated by any app store and bypasses the normal security controls. This makes encrypting files using a game hack highly opportunistic and easy to execute.”

Syrk targets Fortnite users by masquerading as a cheating app for the game. The Syrk malware appears as "SydneyFortniteHacks.exe" and when it is run the app begins encrypting files on the user's hard drive and USB drives. If a ransom isn't paid in crypto the app starts deleting one important folder after another, culminating in your Documents folder

“The next step is it will set a timed procedure to try and delete the encrypted files in the directories listed below, deleting the files every two hours in the following order: %userprofile%\Pictures; %userprofile%\Desktop; and %userprofile%\Documents,” the researchers wrote.

Luckily the malware is based on a known attack vector and the software is easy to circumvent. Victims can easily unlock their computers by looking for a few text files on their drives. These files contain the passwords use to shut down the ransomware before it can delete your files, a nice feature that should stop many from having to shell out crypto for a clean computer.

Given the ease with which users can disable the malware, it's not clear how many victims paid the crypto ransom the creators required.

Image via Shutterstock.

MalwareGamingNewsFortnite

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Bitcoin’s Deep Correction Sets Stage for December Rebound, Says K33 Research

By Helene Braun, AI Boost|Edited by Cheyenne Ligon
4 hours ago
(Unsplash)

K33 Research says market fear is outweighing fundamentals as bitcoin nears key levels. December could offer an entry point for bold investors.

What to know:

  • K33 Research says bitcoin’s steep correction shows signs of bottoming, with December potentially marking a turning point.
  • The firm has argued that the market is overreacting to long-term risks while ignoring near-term signals of strength, like low leverage and solid support levels.
  • With likely policy shifts ahead and cautious positioning in futures, K33 sees more upside potential than risk of another major collapse.
Read full story