Menu
New ransomware program targets gamers

New ransomware program targets gamers

The program encrypts game saves, mods, maps and other user-generated content for a large number of popular games

A new malware program attempts to extort money from gamers by encrypting game saves and other user-generated files for popular computer games.

The new threat, which claims to be a variant of the notorious CryptoLocker ransomware, targets 185 file types, over 50 of which are associated with computer games and related software.

This is the first ransomware program to specifically target games, according to researchers from security firm Bromium, which recently found it. It was distributed via a drive-by download attack from a compromised website that directed users to the Angler exploit kit.

The malicious program encrypts game saves, maps, profiles, replays, mods -- in other words, custom content that users would not be able to recover by simply reinstalling the game.

The list of computer games targeted by the new threat include popular titles like Call of Duty, StarCraft, Diablo, Fallout, The Elder Scrolls, Warcraft, Minecraft, Assassin's Creed, Bioshock, World of Warcraft, League of Legends and World of Tanks. The digital game distribution platform Steam and developer tools like RPG Maker, Unreal Engine and Unity3D are also targeted.

"Many young adults may not have any crucial documents or source code on their machines -- even photographs are usually stored at Tumblr or Facebook -- but surely most of them have a Steam account with a few games and an iTunes account full of music," Bromium security researcher Vadim Kotov said in a blog post.

While the new ransomware program claims to be a variant of CryptoLocker, its creators are likely only reusing that name. The similarity between the new sample and the original CryptoLocker binaries is only around 8 percent, which is negligible, the Bromium researchers said.

CryptoLocker paved the way for the rise of file-encrypting malware. Researchers estimate that it has earned its creators around $3 million over nine months of operation until it was shut down in May 2014 following a multi-national law enforcement operation.

The new game-targeting ransomware program claims to be using strong encryption with 2048-bit RSA keys, but the Bromium researchers are still analyzing it to determine if that is accurate or if there is any way to decrypt the files without paying the ransom. Like most file-encrypting programs, the new threat requires the ransom to be paid in bitcoin cryptocurrency and hosts the page for obtaining the decryption key on the Tor anonymity network.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityencryptionBromiumdata protectionmalwarefraud

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments