Gamers are now being targeted by crypto-ransomware — TeslaCrypt (or Tesla Crypt) has the ability to encrypt more than 50 known game-related files, both single player and multi-player games. Steam and other game delivery platforms are being held for ransom for about one thousand dollars, to be paid by means of PayPal, My Cash Cards or 1.5 bitcoins (worth about $342 each as of the 21st of April, 2015).
The malware was initially reported by Bleeping Computer, a specialized client instruction/discussion forum that is rapidly building itself as a hot spot for information about encryptors and ransomware plans. Bleeping Computer has coined the malware ‘Tesla Crypt,’ while the security firm Bromium issued different and totally autonomous information regarding the danger — which they are portraying as another variation of ‘Crypto Locker.’ Bleeping Computer credits Fabian Wosar, of Emsisoft, for first discovering Tesla Crypt.
New #TeslaCrypt #Ransomware sets its scope on video gamershttp://t.co/u3cO8iMdp8 pic.twitter.com/rrhBG9HJ4x
— BleepingComputer (@BleepinComputer) February 27, 2015
As indicated by Bleeping Computer, Tesla Crypt is focusing on files connected with games like: RPG Maker, League of Legends, Call of Duty, Dragon Age, StarCraft, MineCraft, World of WarCraft, World of Tanks and other famous online games. This is a spin-off from earlier software that had a tendency to target personal records, pictures and other standard documents stored on infected machines.
After infecting the files, the malware changes the desktop background of the PC to a ‘notice’ that the client’s documents have been encrypted. The message contains instructions on how and where clients need to go to purchase the private key to decrypt their documents. Part of the procedure includes downloading the Tor Browser bundle — interestingly enough, there is a hidden administration site where contaminated clients can get information from the malware creators on the most proficient method of making an installment payment and then afterwards decrypting their documents. The notice also contains a “drop dead” date, after which point the private key will be destroyed completely and the documents will be difficult, if not impossible, to recover.
Kaspersky's Tip of the Week: How to protect yourself from #cryptoware #malware http://t.co/fg4eONspRR. pic.twitter.com/4GqVHBM0e9
— Anon.Dos (@anondos_) April 21, 2015
The notice is very much like that of the notorious Crypto Locker ransomware, which might be the reason Bromium considers the two bits of malware to be part of the same family. As Bromium notes, the likenesses between the two are insignificant, however they do accept the fact that Tesla Crypt is utilizing Crypto Locker’s image.
At least for now, it would seem, crypto-ransomware is here to stay, so make sure you are committed to backing up your machines. The individuals behind these plans have an eye toward business and marketing and at the end of the day, they are showing signs of “improvement” in infecting clients and persuading them to pay to recover their information. This reality exists in our current world, where we are interfacing more and more things to the web which will just intensify the issue.
SOURCES:
https://www.hackread.com/famous-games-hijacked-for-ransom-through-teslacrypt-ransomware/
You should also watchout for random traders on Steam that will send you an link that automaticly lets you download an src file. Don’t open the link. – you are warned.
I was just targeted last week by one. “she” spoke in Russian and did very bad translations to English. “She” gave me a link to an .src file and I downloaded it. I then immediately scanned it using Kaspersky. It was all fine. I opened it up in quarantine mode and alarms went off everywhere. deleted it immediately. My need to always check files saved my ass this time. don’t fall for shit like this on steam.
Wow..
Well, goodbye Steam – I don’t play often enough to justify taking the risk.
I am just wondering how they would do anything against online games. Like “Hey you messed up my WoW folder” Just delete and reinstall it then? Shouldn’t that pretty much have you all suited up to play once again?
Where can i find a hi-res version of the controller picture in the header!?! PLEASE
http://www.geeksofdoom.com/GoD/img/2013/04/2013-04-11-gamer.jpg
The link says its forbidden, would also like to get this image!
I am wondering where I can obtain a hi-res image of the controller art in the header please!?!
This is totally fake and missinformation……… there is no point in doing crypto ramsons in games….. you just fortmat and download again.
Besides 90 percent of stuff of progress files in games are backed in private Steam, EA or Blizzard, or ubisoft etc. servers…
Only a retard would pay, and the only way for someone to actually lose anything would be crypto ramsoning the entire company servers and not your Personal computer……..
…. these notes are not true, but crypto ramsons do exist…. but is just not targeting games…. that is idiotic.
final answer when they are found kill them
Wouldn’t a simple directory wipe for that game remove all the encrypted files? And then just re-download from Steam, EA Origin, Ubisoft, etc.
Seems pretty stupid to hold a game directory for ransom when there’s another copy on the company’s download servers.