New crypto-ransomware attack holds your PC games hostage unless you cough up $500

Jos


A new kind of ransomware designed specifically to target gamers has been doing the rounds, according to security analysts at Bromium. The malware, a variant of the crypto-ransomware TeslaCrypt, seeks out more than 50 file extensions related to video games, covering Steam, single-player and multiplayer games, and even game development software, and encrypts the matching files. PC gamers are then forced to pay $500 in Bitcoin or $1,000 in PayPal My Cash cards within 3 days, or they permanently lose their data.

The targeted games include StarCraft II, Warcraft III, Bioshock 2, Call of Duty, DayZ, Diablo, Fallout 3, League of Legends, Minecraft, Metro 2033, Half-Life 2, Dragon Age: Origins, Resident Evil 4, World of Tanks, Metin 2 and The Elder Scrolls, among others. The malware also searches for files associated with mods and DLC for other popular titles, as well as photos, documents and iTunes-related files.

The delivery vehicle is a compromised WordPress website that redirects visitors to the Angler exploit kit via a malicious Flash clip hidden in an invisible banner. The exploit only affects Internet Explorer (up to IE 11) and Opera, and it checks for virtual machine driver files and "some anti-virus products" before compromising a machine.


The attack is designed to look like another crypto-ransomware that surfaced last year, CryptoLocker, presumably to cash in on its notoriety. It even replaces your wallpaper with a similar ransom note. But researchers say TeslaCrypt shares little code with CryptoLocker or its successor, CryptoWall.

Victims are required to install Tor in order to make the payment anonymously. Of course, security experts are advising people not to pay up, and suggest that users who want to be extra careful keep backups on external drives that stay unplugged when not in use.


 
I feel like we are going to see a boom of ransomware as it is more personal to the people it attacks and they are much more likely to comply than other viruses.
 
If you're not backing up to the cloud/NAS running a different OS from your main OS (Linux/FreeBSD for Windows Users and Windows Server for Linux users) then you're asking for trouble. So many free/cheap backup options now.

Here are a few reviews of cloud backups:
http://www.computerworld.com/articl...line-backup-services-keep-your-data-safe.html
http://lifehacker.com/five-best-online-backup-services-1006345049
http://online-backup-services-review.toptenreviews.com/

Here are some DIY NAS software options (they pretty much run on any old PC you have lying around, or you can build a dedicated one for <$400 including case/PSU):
www.freenas.org/
www.nas4free.org/
 
If you're going to backup to a NAS do not map the NAS directory to the workstation. Back up to a hidden share. \\nas\backup$
 
I highly doubt Steam would be susceptible to an attack of this nature, only local cache data from games and your save files are stored locally on your machine.

One way to ensure you are not vulnerable to an attack of this nature is to locally encrypt your files.
 
I've encountered a large number of these infections at work already. No one seems to know how they were infected (no one ever does for any infection for that matter). This one concerns me more than most because of the damage it can inflict, and the reported infections through outdated extensions in Chrome & IE. Has anyone seen this infect a PC with Bitlocked drives? Is it able to damage them as well?
 
I'm gonna throw a wild guess out here and say a PC gamer probably doesn't have more than half a dozen games installed they are consistently playing anyways, so just find your savegame text files and do a nice ol' reformat. Oh yea, and quit using Internet Explorer and Opera. Not using Internet Explorer should be obvious due to security risks over the years, but now Opera is in the same pool, and everyone has begun to frown at Opera since they ditched Presto. Now they're frowned upon even more, unfortunately.
 
oh yea and quit using internet explorer and opera.
Not many use Opera anyway. I did for a while but not since the change to Google's engine. As for IE, have you heard IE is now RIP status and will be continued for backward compatibility only in Windows 10 (bringing Spartan to the table)?
 
I've encountered a large number of these infections at work already. No one seems to know how they were infected (no one ever does for any infection for that matter). This one concerns me more than most because of the damage it can inflict, and the reported infections through outdated extensions in Chrome & IE. Has anyone seen this infect a PC with Bitlocked drives? Is it able to damage them as well?
I have seen a similar "virus" on a ThinkPad running W7 and also using Bitlocker. The virus was made to look like the local 5-0 had locked your computer and that you had to pay up 100€ to get the computer unlocked. The guy who used that computer had local admin rights, but I guess it's safer not to have local admin rights...
I have seen that same virus before too on a computer, twice; both times I couldn't care less and just reinstalled the OS and charged the full price for both jobs even though the customer wanted to get the 2nd "cleanup" on warranty. My nice reply to that in the end was "too much porn" :D (I know, epic customer service)

Anyhow, to the topic. Pro-tip: don't download loads of random ****, don't open random links that people send, don't go to the dark side of the interweb.
 
Sheesh if my LoL files got encrypted I'd remove the ransomware and shift delete my LoL directory... Won't kill me to download my LoL install again...
 
Sheesh if my LoL files got encrypted I'd remove the ransomware and shift delete my LoL directory... Won't kill me to download my LoL install again...
Hey, take it easy now, I mean, after all, it's so much work n takes like what? 10 minutes, if even that much time, to do :D
It's nice, fast n easy to fix with games that don't have the save files stored locally or games that have cloud sync on the save files... but the games that only have local files... rip...

On a side note here, this could actually be something that game developers have come up with to stop piracy...
 
"PC gamers are then forced to pay up $500 in Bitcoin or $1,000 in PayPal My Cash cards within 3 days, or they permanently lose their data."

Or just format the disk and reinstall Windows. Then disable autoplay (on optical media + USB sticks), don't open unknown .exe files (from the web or someone else's USB sticks), don't visit iffy websites (or at least use NoScript, etc., for unknown ones), lock down IE's security settings, block outgoing connections by default in the firewall then make your own exceptions, uninstall / disable Java (unless you REALLY need it), don't use cracks / trainers from iffy sources, and make 2x (ideally 3) regular staggered data backups on different drives (i.e., don't even rely on a single NAS backup, especially if it's visible over the network on a default share, but have an additional 99% offline USB HDD + a USB stick or two as well, and secure at least one of those from physical theft), etc.

The usual "how I survive the Internet" common sense.
 
No worries. I'm a Linux gamer so... you know. Good luck, Windows users! Sorry you didn't listen to us "crazy" Linux people but have fun with that! ;-)

I'm making jokes but if we buy Linux ported games and we contact game devs asking them to support Linux too, then we'll have a safe alternative. Please do your part!
 
Onose! I have to run a Steam File Integrity Check. The humanity!

I guess the major thing you would lose are game saves. But honestly you have bigger problems such as losing every document you created without having a backup. Game saves are probably the least of concern.

Even then Cloud Saves are on most games.
 
This is why you back your crap up every day to an off-location drive, blow your OS away, reinstall and restore, and don't download or look at emails you don't know. Ransomware is for the stupid and dumb.
 
I've encountered a large number of these infections at work already. No one seems to know how they were infected (no one ever does for any infection for that matter). This one concerns me more than most because of the damage it can inflict, and the reported infections through outdated extensions in Chrome & IE. Has anyone seen this infect a PC with Bitlocked drives? Is it able to damage them as well?
Because most ransomware programs are worms; the thing is, the encryption key is still resident in memory as long as you do not reboot.
 