CryptoLocker Variant Targets 20+ Online Games

A new crypto-ransomware variant is giving gamers a whole new meaning for “unlocking” rewards. Research has uncovered a campaign that’s targeting more than 20 different online games.

The perpetrators are taking aim at a virtual who’s who of online gaming, including Call of Duty, Diablo, Minecraft, Half-Life 2, Skyrim, Star Wars: The Knights of the Old Republic, F.E.A.R, Assassin’s Creed, World of Warcraft, various EA Sports games and the Steam online gaming platform—among others.

According to Bromium, the ransomware is being distributed from a compromised website that redirects visitors to the Angler exploit kit by using a Flash clip. The website is based on WordPress and could have been compromised by any one of the numerous WP exploits that are available, reported the firm. The URL where the malicious Flash file is hosted also keeps changing.

The malware is called TeslaCrypt, which takes its cues from the infamous CryptoLocker. It targets 185 different file extensions—or pretty much any kind of file that most gamers would have on their PCs, including iTunes audio files.

“Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminals target new niches,” Bromium researchers noted in an analysis. “Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music. Non-gamers are also likely to be frustrated by these attacks if they lose their personal data.”

Despite the snappy name, the similarity between the original CryptoLocker and TeslaCrypt is negligible (approximately 8%), researchers explained: “So it would seem the attackers are just re-using the brand.”

As always, users—gamers or not—should keep their files backed up on an external hard drive, which should in turn be kept unplugged when online.
