Remember Cryptolocker, that nasty little program that encrypts your files and then demands expensive bitcoins for your files' decryption? While it is still making the rounds on the internet, a new version of the malware has surfaced, and it is reportedly targeting gamers.
According to a report by Bromium Labs, the new variant of the Cryptolocker ransomware, which goes by the name TeslaCrypt, aims to extort money from gamers by making them pay to unlock game files which they already own. The malware apparently impacts data files of over 20 games, and is distributed through a drive-by download attack from a website which then redirects an unknowing user to the Angler exploit kit by utilizing a Flash clip. The compromised website is purportedly running under WordPress, where a malware attack has also been hosted before.
The malware targets 185 file extensions, and encrypts game saves, maps, mods, replays, and other user-generated game content, which cannot be retrieved if a game is reinstalled.
The list of games that are affected by the malware program includes Call of Duty, StarCraft, Diablo, Fallout, Minecraft, Assassin's Creed, Half Life 2, and Bioshock 2, among others. Digital game distribution platform Steam is allegedly targeted, as well as game development software such as RPG Maker, Unity3D, and Unreal Engine.
Bromium Labs researcher Vadim Kotov states:
Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminal target new niches. Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music. Non gamers are also likely to be frustrated by these attacks if they lose their their personal data.
To prevent loss of data in the future, the researcher suggests gamers to always backup their files on an external hard drive. He also warns gamers about the integration of Bitcoin code in malicious software. Kotov emphasizes:
As more file categories are infected, a broader audience is affected. The attackers are also getting better at incorporating BitCoin code directly into their projects. Which isn’t a good sign.
It is currently being analyzed if there is any way to decrypt the harmed files without paying a ransom.