Ransomware is one of the latest tactics used by cybercriminals to extract money from victims. CryptoLocker hit the headlines last year, encrypting the files on infected machines until a ransom was paid. Now the same idea has spread to the world of gaming thanks to Teslacrypt.
Teslacrypt works in much the same way as CryptoLocker, but its raison d'être is to seek out game saves and downloadable content for dozens of popular titles and hold them to ransom. Until victims cough up $500 in Bitcoins, or make a $1,000 PayPal payment, there is no way to access the games.
Despite the similarities to CryptoLocker, security analysts at Bromium say the malware comes from a different group of cybercriminals and doesn’t share any code. Infections come via a compromised gaming site which uses a Flash vulnerability to redirect visitors to the Angler exploit kit. As the site is based on WordPress, Bromium says it could have been compromised using any one of a number of exploits.
Once a computer has been infected, the malware starts its hunt for 185 different file types, more than half of which are associated with games. On the list of targeted titles are Call of Duty, Half-Life 2 and Fallout 3, as well as online games including World of Warcraft and Steam titles.
Bromium Labs' Vadim Kotov said:
Files are targeted by extension. Concretely these are user profile data, saved games, maps, mods etc. Often it’s not possible to restore this kind of data even after re-installing a game via Steam.
While CryptoLocker was cracked so that victims could decrypt their files without having to pay a ransom, this has yet to happen for Teslacrypt.