Tuesday, March 24, 2015

Warning to Gamers About Ransomware

Ransomware is a type of malicious software designed to block access to a computer system or files on that system, until a sum of money is paid to the attacker.

A little over a week ago, security researchers at Bromium Labs announced that they had discovered a new “crypto-ransomware” deemed “TeslaCrypt.” This is a variant of previously found malware, CryptoLocker, and is specifically targeting gamers. However, some reports say that the ransomware has also affected other file types like Word docs, Excel files, PowerPoint, and images.

Users are affected by visiting a compromised website (based on WordPress), which redirects them to the Angler exploit kit by using a Flash clip. Once the attack has occurred, the attacker encrypts the data and ransoms the files for either $1000 in PayPal My Cash or 1.5BTC in Bitcoins. Of course, this doesn’t always mean the attacker is going to give you back your files, so it’s best to always keep files backed up on another device or within the cloud.

This malware impacts data files for over 20 games, including the following:
  • Bethesda Softworks settings file 
  • F.E.A.R. 2 game 
  • Steam NCF Valve Pak 
  • Call of Duty 
  • EA Sports 
  • Unreal 3 
  • Unity scene 
  • Assassin’s Creed game 
  • Skyrim animation 
  • Bioshock 2 
  • Leagues of Legends 
  • DAYZ profile file 
  • RPG Maker VX RGSS 
  • World of Tanks battle 
  • Minecraft mod 
  • Unreal Engine 3 game file 
  • Starcraft saved game 
  • S.T.A.L.K.E.R. game file 
  • Dragon Age Origins game 
For more details on how this ransomware works, McAfee has done a great job of outlining the information and what happens as the attack occurs.