New Ransomware Targets PC Games

[jecho]

Cryptolocker-like malware maliciously encrypts savegames and other data for a number of popular titlesIf you're a gamer, be on the lookout for a nasty new piece of malware that will make your mods, savegames, and other game data inaccessible via encryption. The cybercriminals behind the scheme are seeking to extort users by forcing those unlucky enough to be infected to make a large payment in Bitcoin in order to receive an unlock key.

The malware, which is a variant of the crypt-ransomware called TeslaCrypt, superficially looks like CryptoLocker. But according to a number of security researchers who have analyzed the malware, it shares little code with CryptoLocker or its more well-known successor CryptoWall. And while it will also will target photos and documents, as well as iTunes-related files, as Bromium security researcher Vadim Kotov noted in an analysis on Bromium Labs' blog, TeslaCrypt also includes code that specifically looks for files related to more than 40 specific PC games, gaming platforms, and game developer tools. The games include both single player and multiplayer games, though it isn't clear how targeting some of the multiplayer games would affect users other than requiring a re-install.

The games targeted include a mix of older and newer titles— for example, Blizzard's StarCraft II and WarCraft III real-time strategy games and its World of Warcraft online game are targeted. Also on TeslaCrypt's hit list: Bioshock 2, Call of Duty, DayZ, Diablo, Fallout 3, League of Legends, F.E.A.R, S.T.A.L.K.E.R, Minecraft, Metro 2033, Half-Life 2, Dragon Age: Origins, Resident Evil 4, World of Tanks, Metin 2, and The Elder Scrolls (specifically, Skyrim-related files), as well as Star Wars: The Knights Of The Old Republic. There's also code that searches for files associated with games from specific companies that affect a wide range of titles, including a variety of games from EA Sports, Valve, and Bethesda, and Valve's Steam gaming platform. And the game development tools RPG Maker, Unity3D and Unreal Engine are targeted as well."

These files are all targeted by their file extension, Kotov reported. "Concretely these are user profile data, saved games, maps, mods, etc," he said. "Often it’s not possible to restore this kind of data even after re-installing a game via Steam."

Source:http://arstechnica.com/security/2015/03/cryptolocker-look-alike-searches-for-and-encrypts-pc-game-files/]http://arstechnica.com/security/2015/03/cryptolocker-look-alike-searches-for-and-encrypts-pc-game-filesOther Sources:

Click here to view the article

[mr moose]

I know not everyone can afford to do it, but this is why I have three computers, One for gaming and general pissing about (if it gets a virus like this I just format and backup to a 3monthly image), my work laptop which never sees a game, I sometimes runs linux on this machine.  And my last one is for my tools (oscilloscope, room analysis software etc) it is hardly on the net (just for drivers and windows update.

[zacRupnow]

Malwarebytes and AVG cover this right?

[Albatross]

What is "Cryptolocker"? Is it really that much of a threat?

[Syntaxvgm]

What is "Cryptolocker"? Is it really that much of a threat?

It's the media coined term for malware that encrypts your hard drive and charges you a ransome to decrypt it. It's been around for years, but recently been a popular attack on those who have files they can't afford to lose, because there is money to be made

The actual "cryptolocker" was a trojan from email attachments in 2013 on, and it got big enough to be reconised in the media and thus the term was coined for a practice cryptovirology that charges a ransom for your files. Whole "kleenex" situation there in a way for naming. 

 

I got something similar on one of my systems in like 2007 myself, it just did it to cause damage, didn't offer an rnsom to unlock files, but it's definitely been around. 

[brownninja97]

well this is great.

[XTankSlayerX]

How do you get infected? @OP Read the sticky thread on this subforum btw

[ttam]

Malwarebytes and AVG cover this right?

Nope

 

How do you get infected? @OP Read the sticky thread on this subforum btw

Well. No one knows how. It can come through 60 different ways.

[Ryouichi Kiriyami]

AAAAAAAND this is why i have 2 harddrives.windows on one i can easily restore and baselocked 1tb other hdd

[kuddlesworth9419]

Is there a way to encrypt your files after your files have been encrypted. Or is there a way of getting past this like contacting the police or something for help as it's illegal activity and damage to your stuff.

[Syntaxvgm]

Is there a way to encrypt your files after your files have been encrypted. Or is there a way of getting past this like contacting the police or something for help as it's illegal activity and damage to your stuff.

Good encryption can't be broken without the resources well beyond what would be allocated to one persons files. 

And encrypted encrypted files are just encrypted encrypted files. Like double condoms, multiple layers of encryption can backfire. 

[Castdeath97]

Not even worried because macs don't get viruses...Jk 

[jecho]

How do you get infected? @OP Read the sticky thread on this subforum btw

I wasn't able to give much details since my source and other sources I read didn't shed much light. I did think cause of the list of games that can be infected that it is important for people to know even if the specifics of this attack aren't in the news yet.

[ice856]

I always backup my entire hard drive every month. So its not a big deal.

[Trik'Stari]

What kind of douche bag comes up with shit like this?

[NumLock21]

There are other cryptolockers out there as well that attack personal files such as photos and documents. I've heard that these even went as far as locking the files on your dropbox and other computers that you may have on the network. So the only save way of keeping your data safe is to backup regularlly and physically unplug the drive.

[kuddlesworth9419]

Good encryption can't be broken without the resources well beyond what would be allocated to one persons files. 

And encrypted encrypted files are just encrypted encrypted files. Like double condoms, multiple layers of encryption can backfire. 

I see, so this effectively bricks your storage device. Would you be able to wipe HDD or SSD and then start all over again or would the encryption prevent that.

[A.D.A.M]

What kind of douche bag comes up with shit like this?

ultra douchbags.

[VerticalDiscussions]

Im sorry, but what exactly is this supposed to do and how it appears? I have played some of those games and i havent seen anything of the sort like that to appear to me o-o.

[zacRupnow]

Nope

 

Well. No one knows how. It can come through 60 different ways.

So it goes to Steam, Origin, and U-AlreadyCan't-Play game files and then to the user.

Solution? Buy the Disk version, or pay on steam but pirate the download.

[Snickerzz]

So it goes to Steam, Origin, and U-AlreadyCan't-Play game files and then to the user.

Solution? Buy the Disk version, or pay on steam but pirate the download.

because torrenting them woild be way safer right?

[zacRupnow]

because torrenting them woild be way safer right?

most torrents actually are, ironically 

[Kamina]

Good thing my Quantum computer can decrypt these. 

[Sanctuary2808]

Can't you just boot into a Linux USB, copy files off and erase the HDD? Though I guess that comes with the risk of the malware being copied over as well...I find it hard to believe there is no work-around.

 

What I said was silly, just make regular backups instead. Things like CryptoLocker are why you should invest in a 1-2TB External HDD and make regular backups. It isn't like an external HDD costs that much...

[jecho]

Can't you just boot into a Linux USB, copy files off and erase the HDD? Though I guess that comes with the risk of the malware being copied over as well...I find it hard to believe there is no work-around.

I think the way these things work is by encrypting the files on your PC. So you would be able to copy the files. You would have to find out how to decrypt those files you pulled.