A new malware program attempts to extort money from gamers by encrypting game saves and other user-generated files for popular computer games. The new threat, which claims to be a variant of the notorious CryptoLocker ransomware, targets 185 file types, over 50 of which are associated with computer games and related software. It was distributed via a drive-by download attack from a compromised website that directed users to the Angler exploit kit.
The malicious program encrypts game saves, maps, profiles, replays, mods—in other words, custom content that users would not be able to recover by simply reinstalling the game.
The list of computer games targeted by the new threat include popular titles like:
-Call of Duty
-The Elder Scrolls
-World of Warcraft
-League of Legends
-World of Tanks
The digital game distribution platform Steam and developer tools like RPG Maker, Unreal Engine and Unity3D are also targeted.
The new game-targeting ransomware program claims to be using strong encryption with 2048-bit RSA keys, but the Bromium researchers are still analyzing it to determine if that is accurate or if there is any way to decrypt the files without paying the ransom. Like most file-encrypting programs, the new threat requires the ransom to be paid in bitcoin cryptocurrency and hosts the page for obtaining the decryption key on the Tor anonymity network.