
Gamers targeted by ransomware virus

WhatsOnYourMind


13 March 2015 Last updated at 07:17 ET



Older games such as Warcraft 3 are also targeted by the malicious program

Gamers are being targeted by a computer virus that stops them playing their favourite titles unless they pay a ransom.

On infected machines, the malicious program seeks out saved games and other files and encrypts them.

A key to unlock encrypted files is only supplied if victims pay at least $500 (£340) in Bitcoins.

The malware targets 40 separate games including Call of Duty, World of Warcraft, Minecraft and World of Tanks.

Dark web cash


The malicious program looks similar to the much more widely distributed Cryptolocker ransomware that has caught out thousands of people over the last couple of years.

But analysis of the malware, called Teslacrypt, reveals that it shares no code with Cryptolocker and appears to have been created by a different cybercrime group.

Researcher Vadim Kotov from security firm Bromium said the file was catching people out via a website its creators had managed to compromise. The site involved is a Wordpress blog that is inadvertently hosting a file that abuses a loophole in Flash to infect visitors.

Once a machine is infected, wrote Mr Kotov, the malware looks for 185 different file extensions. In particular, it seeks out files associated with many popular video games and online services such as Steam that give people access to them.

"Interestingly, although these are all popular games, none of them matches any particular 'Top Sellers' or 'Most Played' chart," said Mr Kotov. "They could just be games the developer loves to play."

Files holding gamers' profiles, maps, saves and modified versions of games are all sought by Teslacrypt, he said.

He said anyone who tries to outwit the malware by uninstalling a game they obtained via an online service may end up disappointed.

"Often it's not possible to restore this kind of data even after re-installing a game via Steam," he wrote.

Once target files are encrypted the malware pops up a window telling victims they have a few days to pay up and retrieve their data.

To decrypt, victims can either pay $500 in Bitcoins or $1,000 in Paypal My Cash payment cards. The virus tells victims to send payment details to an address located on the Tor anonymous browsing network.

The encryption system used by Teslacrypt has yet to be cracked, meaning victims would have to turn to back-ups to restore scrambled files.


 