I don't know if people on here are aware of this yet, but you should be if you play PC games.
Bromium Labs recently discovered (or rediscovered) a variant of Cryptolocker (called Teslacrypt), a real nasty piece of ransomware that targets specific games now (as well as pretty much all of Steam itself from the sounds of it).
http://www.zdnet.com/article/new-cryptolocker-ransomware-targets-gamers/
http://www.bleepingcomputer.com/forums/t/568525/new-teslacrypt-ransomware-sets-its-scope-on-video-gamers/ (a forum thread on Bleeping Computer from a few weeks ago where this may have first been revealed)
http://www.neogaf.com/forum/showthread.php?t=704302 (a GAF thread from 2013 about vanilla Cryptolocker)
Affected games and software according to Bromium (and I'm quoting them here for the list if the forum post doesn't make it clear):
http://labs.bromium.com/2015/03/12/achievement-locked-new-crypto-ransomware-pwns-video-gamers/
Single User Games
- Call of Duty
- StarCraft 2
- Diablo
- Fallout 3
- Minecraft
- Half-Life 2
- Dragon Age: Origins
- The Elder Scrolls and specifically Skyrim related files
- Star Wars: The Knights Of The Old Republic
- WarCraft 3
- F.E.A.R
- Saints Row 2
- Metro 2033
- Assassin’s Creed
- S.T.A.L.K.E.R.
- Resident Evil 4
- Bioshock 2
Online Games
- World of Warcraft
- Day Z
- League of Legends
- World of Tanks
- Metin2
Company Specific Files
- Various EA Sports games
- Various Valve games
- Various Bethesda games
Gaming Software
- Steam
Game Development Software
- RPG Maker
- Unity3D
- Unreal Engine
Ransomware, if you are not familiar with it, can be very, very nasty stuff. The general concept is that this malware encrypts a program of yours unless you pay the jerks who wrote it a ransom (usually by bitcoin), hence "ransomware". Or of course unless you actually find a way to remove it, which unsurprisingly is often very difficult to do. I don't know if paying them the ransom will actually restore anything, I suspect not.
The malware often attempts to pose as your local law enforcement in an attempt to scare you into complying with the ransom, as well as having a prominent destruction timer threatening to destroy the key to unlock your files if you don't pay by X date/time. Nasty stuff and mean-spirited.
This particular Ransomware seems to be unfortunately using a Flash exploit in some banner ads and Torrents as a vector for infection.
I think it's probably a very good idea to disable or remove Java and Flash if you don't need them (you can re-enable them for sites you trust), don't use IE if at all possible, and of course make backups of all your files regularly to a drive that isn't continually attached to your PC.