A new ransomware variant is targeting gamers and preventing them from getting stuck into the action.
Claiming to be a new variant of CryptoLocker, research by Bromium found that the new variant aims to make gamers pay to unlock what they already own and data files for more than 20 games can be affected by the threat.
Once infected, the ransomware seeks out saved games and other files and encrypts them and is only unlocked if the victim pays at least $500 (£340) in Bitcoins.
The payment procedure is operated through a website located in the TOR domain and affected users of games including Call of Duty, Diablo, Minecraft, Assassin’s Creed and World of Warcraft. Also affected are the Steam gaming software, and game development software RPG Maker, Unity3D and Unreal Engine
Vadim Kotov, senior security researcher at Bromium, said: “This CryptoLocker variant has been getting distributed from a compromised website that was redirecting the visitors to the Angler exploit kit by using a Flash clip. Bromium Labs notified the owner of the website, but they haven’t responded.
“The website is based on WordPress and could have been compromised by any one of the numerous WP exploits. Additionally, the URL where the malicious Flash file is hosted keeps changing.”
He also claimed that the ransomware is called TeslaCrypt, which was detected in February as using AES encryption and placing a strong emphasis on encrypting video game related files.
The encryption process enumerating all logical drives visible to the system, then traverses through the folder tree of each drive and encrypts files which match to one of the 185 extensions. “AES cipher is used for file encryption and our experiments show the key is randomly generated for each file,” he said.
