A new ransomware attack designed specifically to target gamers has been uncovered by researchers. It locks the victim's files until a Bitcoin ransom is paid for the decryption key.
The most famous ransomware, CryptoLocker, set the tone for its future imitators: attacking systems using zero-day vulnerabilities in operating systems and web browsers, CryptoLocker quietly encrypts the victim's files with strong public-key cryptography. Once complete, a message appears warning the victim to visit a website and pay a ransom in typically-untraceable Bitcoins in order to receive the private key and unlock the now-inaccessible files. It has also spawned numerous variants, most notably the SynoLocker malware which targeted Synology NAS products late last year.
Researcher Fabian Wosar of Emsisoft was, according to a Bleeping Computer forums post, the first to spot the new attack. Researchers at Bromium Labs claim that the malware, dubbed TeslaCrypt, is not a variant of CryptoLocker but merely an imitator - but its impact is clear: the software targets files used by numerous games, from Call of Duty and StarCraft 2 to Minecraft, Day Z, and even Valve's Steam digital distribution platform.
'Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminals target new niches,' claimed Bromium's Vadim Kotov of the malware. 'Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music.'
TeslaCrypt is also notable for being one of the first CryptoLocker-inspired attacks to accept payment through PayPal My Cash Cards as well as Bitcoins, lowering the barrier to entry for victims willing to cough up a cash ransom. Doing so, however, increases the risk for the attacker - as evidenced by the differing ransoms: $500 is charged for Bitcoin payments and a whopping $1,000 for PayPal payments.
While various anti-malware vendors are all quick to point out how their products can provide protection against such attacks, the zero-day nature of the attacks, coupled with the lag between a new variant being released and signature-based anti-malware packages gaining the ability to detect it, means that the best defence is a robust backup regime: if the files are encrypted by a ransomware package, simply wipe the system and restore them from a clean backup without paying a penny to the attackers.
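The "wipe and restore from clean backup" advice above only works if you can tell which files were tampered with and can prove the restored copies match what was backed up. The following Python script is an added illustration of that check, not code from the article or from any of the researchers it quotes: it records a SHA-256 manifest when a backup is taken, compares the live directory against that manifest to list changed, missing and unexpected files, and then restores the backup and verifies every restored file's hash. The directory layout, file names and contents are constructed sample data for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_sha256(path):
    """SHA-256 of a file, read in chunks so large save files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256."""
    root = Path(root)
    return {str(p.relative_to(root)): file_sha256(p) for p in root.rglob("*") if p.is_file()}


def make_backup(src, dst):
    """Copy src to dst and return the manifest of the backup copy itself."""
    shutil.copytree(src, dst, dirs_exist_ok=True)
    return build_manifest(dst)


def check_against_manifest(root, manifest):
    """Return (changed, missing, unexpected) relative paths compared with the manifest.

    Mass 'changed' entries plus 'unexpected' files with new extensions are the
    pattern an encryption attack leaves behind; either is a reason to restore.
    """
    current = build_manifest(root)
    changed = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return changed, missing, unexpected


def restore_from_backup(backup_dir, target_dir, manifest):
    """Wipe target_dir, copy the backup back, and verify every file against the manifest."""
    target = Path(target_dir)
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(backup_dir, target)
    changed, missing, _ = check_against_manifest(target, manifest)
    return not changed and not missing


def demo():
    """Constructed sample: back up a fake saves folder, damage it, detect, restore."""
    work = Path(tempfile.mkdtemp())
    live = work / "saves"
    backup = work / "backup"
    live.mkdir()
    (live / "profile.sav").write_bytes(b"player=alice;level=12")
    (live / "world.dat").write_bytes(b"\x00" * 64)
    manifest = make_backup(live, backup)

    # Constructed damage: one file's contents replaced, one renamed out of place.
    (live / "profile.sav").write_bytes(b"garbled bytes, not the original")
    (live / "world.dat").rename(live / "world.dat.locked")

    changed, missing, unexpected = check_against_manifest(live, manifest)
    restored_ok = restore_from_backup(backup, live, manifest)
    return changed, missing, unexpected, restored_ok


if __name__ == "__main__":
    print(demo())
```

The manifest should be stored with the backup on media the live machine cannot write to; a backup that the same process which encrypted the originals can also overwrite is not a clean backup.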