New crypto-ransomware attack holds your PC games hostage unless you cough up $500

By Jos · 19 replies
Mar 23, 2015
Post New Reply
  1. A new kind of ransomeware designed specifically to target gamers has been doing the rounds according to security analysts at Bromium. The malware, which is a variant of crypto-ransomware called TeslaCrypt, seeks out over 50 file extensions related to video games including Steam, single and multiplayer games, even game development software, and locks the files down. PC gamers are then forced to pay up $500 in Bitcoin or $1,000 in PayPal My Cash cards within 3 days, or they permanently lose their data.

    Among the targeted games are a mix of titles including StarCraft II, Warcraft III, Bioshock 2, Call of Duty, DayZ, Diablo, Fallout 3, League of Legends, Minecraft, Metro 2033, Half-Life 2, Dragon Age: Origins, Resident Evil 4, World of Tanks, Metin 2, The Elder Scrolls, among others. The malware also searches for files associated with mods and DLC for other popular titles, as well as photos, documents and iTunes-related files.

    The vehicle for delivery is a compromised Wordpress website which redirects visitors to the Angler exploit kit by using a malicious Flash clip hidden in an invisible banner. The exploit only affects Internet Explorer (up to IE 11) and Opera browsers and it scans for virtual machine driver files and “some anti-virus products” before compromising a machine. 

    cryptolocker- teslacrypt

    The attack is designed to look like another crypto-ransomware that surfaced last year called CryptoLocker, presumably to cash on its notoriety. It even replaces your wallpaper with a similar ransom note. But researchers say TeslaCrypt shares little code with CryptoLocker or its CryptoWall successor.

    Victim are required to install Tor in order to make the payment anonymously. Of course, security experts are advising people not to pay up, and are suggesting users who want to be extra careful can use external drives to keep backups while keeping them unplugged when not in use.

    Permalink to story.

  2. AnonymousSurfer

    AnonymousSurfer TS Guru Posts: 452   +40

    I feel like we are going to see a boom of ransomware as it is more personal to the people it attacks and they are much more likely to comply than other viruses.
  3. stewi0001

    stewi0001 TS Evangelist Posts: 1,681   +1,079

    Another kick in the [insert whatever here] for IE.
  4. insect

    insect TS Evangelist Posts: 349   +132

    If you're not backing up to the cloud/NAS running a different OS from your main OS (Linux/FreeBSD for Windows Users and Windows Server for Linux users) then you're asking for trouble. So many free/cheap backup options now.

    Here are a few reviews of cloud backups:

    Here are some DIY NAS softwares (pretty much run on any old PC you have laying around or can build a dedicated one for <$400 including case/PSU):
  5. j05hh

    j05hh TS Booster Posts: 156   +34

    If you're going to backup to a NAS do not map the NAS directory to the workstation. Back up to a hidden share. \\nas\backup$
  6. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,713   +3,688

    My backups are hidden. They are optical media. I can start from scratch with very little updating needed.
  7. MonsterZero

    MonsterZero TS Evangelist Posts: 440   +223

    I highly doubt Steam would be susceptible to an attack of this nature, only local cache data from games and your save files are stored locally on your machine.

    One way to ensure you are not vulnerable to an attack of this nature is to locally encrypt your files.
    SalaSSin likes this.
  8. Uncle Al

    Uncle Al TS Evangelist Posts: 3,321   +1,970

    Awwww hell, just delete it and start again. After all, it's just a frigg'in game and it will be just as much fun the next time around!
  9. I've encountered a large number of these infections at work already. No one seems to know how they were infected (no one ever does for any infection for that matter). This one concerns me more than most because of the damage it can inflict, and the reported infections through outdated extensions in Chrome & IE. Has anyone seen this infect a PC with Bitlocked drives? Is it able to damage them as well?
  10. Im gonna throw a wild guess out here and say a pc gamer probably doesnt have more than half a dozen games installed they are consistently playing anyways so just find your savegame text files and do a nice ol reformat. oh yea and quit using internet explorer and opera. not using internet explorer should be obvious due to security risks over the years but now opera is in the same pool and everyone has began to frown at opera since they ditched presto. now theyre frowned upon even more unfortunately.
  11. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,713   +3,688

    Not many use Opera anyway. I did for awhile but not since the change to Google's engine. As for IE, you have heard IE is now RIP status and will be continued for Backward compatibility only in Windows 10 (Bringing Spartan to the table)?
  12. DjKraid

    DjKraid TS Guru Posts: 551   +26

    I have seen a similar "virus" on a ThinkPad running w7 and also using Bitlocker. The virus was made to look like the local 5-0 have locked your computer and that you had to pay up 100€ to get the computer unlcoked. The guy who used that computer had local admin rights but I guess it's safer not to have local admin rights...
    I have seen that same virus before too on a computer, twice, both times I couldn't care less and just reinstalled the OS and charged the full price for both jobs even tho the customer wanted to get the 2nd "cleanup" on warranty. My nice reply to that in the end was "too much porn" :D (I know, epic customer service)

    Anyhow, to the topic. Pro-tip: don't download loads of random ****, don't open random links that people send, don't go to the dark side of the interweb.
    Arris likes this.
  13. JordLevy

    JordLevy TS Member Posts: 17

    Sheesh if my LoL files got encrypted I'd remove the ransomware and shift delete my LoL directory... Won't kill me to download my LoL install again...
  14. DjKraid

    DjKraid TS Guru Posts: 551   +26

    Hey take it easy now, I mean, after all, it's so much work n takes like what? -10minutes if even that much time to do :D
    It's nice, fast n easy to fix with games that doesn't have the save files stored locally or games that has cloud sync on the save files...but the games that only has local

    On a side note here, this could actually be something that gamedevelopers have come up with to stop piracy...
  15. BSim500

    BSim500 TS Evangelist Posts: 387   +659

    "PC gamers are then forced to pay up $500 in Bitcoin or $1,000 in PayPal My Cash cards within 3 days, or they permanently lose their data."

    Or just format the disk and reinstall Windows. Then disable autoplay (on optical media + USB sticks), don't open unknown .exe files (from web or someone else's USB sticks), don't visit iffy websites (or at least use Noscript, etc, for unknown ones), lockdown IE's security settings, block outgoing connections by default in firewall then make your own exceptions, uninstall / disable Java (unless you REALLY need it), don't use cracks / trainers from iffy sources, and make 2x (ideally 3) regular staggered data backups on different drives (ie, don't even rely on a single NAS backup especially if it's visible over the network on a default share, but have an additional 99% offline USB HDD + USB stick or two as well, and secure at least one of those from physical theft), etc.

    The usual "how I survive the Internet" common sense.
  16. seamfa

    seamfa TS Rookie

    If only it were JUST gaming files! Unfortunately, this also encrypts iTunes, databases, documents...
  17. Sounds like you or someone you know got hit by this truck..?
  18. Joel F

    Joel F TS Rookie

    No worries. I'm a Linux gamer so... you know. Good luck, Windows users! Sorry you didn't listen to us "crazy" Linux people but have fun with that! ;-)

    I'm making jokes but if we buy Linux ported games and we contact game devs asking them to support Linux too, then we'll have a safe alternative. Please do your part!
    Jack Buaer likes this.
  19. loading

    loading TS Enthusiast Posts: 67   +13

    Onose! I have to run a Steam File Integrity Check. The humanity!

    I guess the major thing you would lose are game saves. But honestly you have bigger problems such as losing every document you created without having a backup. Game saves are probably the least of concern.

    Even then Cloud Saves are on most games.
    SalaSSin likes this.
  20. Jack Buaer

    Jack Buaer TS Rookie

    This is why you back your crap up everyday to a off location drive, blow your OS away reinstall and restore , and don't download or look at emails you don't know. Ransomware is for the stupid and dumb.
  21. Jack Buaer

    Jack Buaer TS Rookie

    Because most ransom ware programs are worms, the thing is the encryption key is still resident in memory as long as you do not reboot.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...