New Cryptolocker variant attacks games

36892208_sRansomware has become a major part of online threats, and that is no surprise considering there is an incentive of immediate financial gain involved. Cryptolocker is a widespread ransomware which like most others, encrypts files belonging to the victim and then demands a ransom. In the last few days, a new variant of this threat has emerged, which specifically attacks games. Unlike most other ransomware variants that just encrypt text and image files that are easily accessible in the documents folder, this one encrypts game save content and DLC (extra downloadable content) as well.

The dirty money game

This new ransomware variant attacks more than 50 file extensions associated with video games, in addition to images, documents, iTunes files and more. The game titles in the crosshairs include Call of Duty, Minecraft, Half Life 2, Elder Scrolls, Skyrim, Assassin’s Creed, World of Warcraft, Day Z and League of Legends. Several other Valve and Bethesda games are also affected. Another target is Steam, a popular game client.

Bromium researchers recently discovered an unnamed, WordPress based website that was actively spreading this ransomware variant. A flash exploit on the website redirects users to a page hosting an Angler exploit kit which drops the payload. The malware is well disguised and the url on which the flash file is hosted keeps changing from time to time to avoid detection.

Although the ransomware calls itself “CryptoLocker-V3″ and resembles Cryptolocker, it’s mechanism is very different, and previously effective tools like decryptolocker do not seem to work with this variant. Once the encryption process is complete, users are greeted with a window having a link to a website which demands payment. Usual payment systems like PayPal, Credit card etc are available but require a huge ransom of US$ 1000. On the other hand a bitcoin payment reduces the ransom amount to US$ 415. Thus, by offering a huge discount, the cyber criminals want to encourage payment in bitcoin as it is untraceable and gives them an easy getaway.

Since most tools designed for Cryptolocker do not work with this variant, prevention is the best form of defense. Malware writers are always busy looking into all possible nooks and crannies to disrupt security and make money, but an up to date antivirus and regular backups can ensure that you do not become a part of their dirty game.

Keep those shields up and have a nice (ransomware-free) day!

  • Glenn McGrew II

    “…an up to date antivirus and regular backups can ensure that you do not become a part of their dirty game.”

    That’s a pretty gutsy statement to make in the face of the fact that security software companies are being overwhelmed by the hackers, who are better funded and not limited by laws. Are you SURE you want to say that and, if so, are you willing to put a money-backed guarantee on it? I suggest that the word “ensure” be changed because of the large number of users who are so naive and careless that they’re guaranteed to get hit by malware.