Nasty Ransomware Holds PC Games Hostage

Tom's Guide / Paul Wagenseil

Updated March 13, 2015 at 1:52 PM

A new strain of encrypting ransomware is forcing PC gamers to face a real-life alien invader that could permanently lose their saves.

TeslaCrypt gets into computers through compromised websites and locks up 185 different kinds of files, including data related to Call of Duty, World of Warcraft, BioShock, Assassin's Creed, StarCraft, Diablo, the Elder Scrolls, League of Legends, the Steam game-distribution software and the Unity and Unreal Engine graphics engines, among others.

Victims are asked to pay up $500 in Bitcoin or $1,000 in PayPal My Cash cards, the latter of which entails more exposure risk for the criminals behind this scheme.

MORE: Best Antivirus Software and Apps

Breaching the perimeter

The malware attacks Internet Explorer and Opera Web browsers that land on a compromised WordPress-based website, said Vadim Kotov of Cupertino, California-based enterprise-security firm Bromium in a report yesterday (March 12) titled "Achievement Locked: New Crypto-Ransomware Pwns Video Gamers." (The report didn't name the compromised site, but said its operator had been notified.)

A Feb. 27 post on the Bleeping Computer website, which dubbed the malware TeslaCrypt, gave credit for the discovery of the ransomware to Fabian Wosar of Austrian computer-security firm Emsisoft.

Bromium noted that a malicious Adobe Flash Player movie on the compromised site leads to a malicious website, then to another malicious website, and finally to the Angler exploit kit, a bundle of malware that launches one attack after another at visiting Web browsers in the hope that one succeeds.

Angler performs two checks: one to see whether the visiting browser is running on a virtual machine (a software "computer" within a computer often used by antivirus researchers), the other to detect certain antivirus products running on the visiting browser's computer.

If it finds nothing, then Angler launches attacks on a recent Adobe Flash Player flaw and an older Internet Explorer flaw. (The former was patched by Adobe in January, the latter by Microsoft in 2013, but plenty of people never update their software.)

Insider threat

If Angler successfully puts TeslaCrypt on the visiting machine, the ransomware methodically encrypts each instance of 185 different kinds of files, Bromium said, including image, office, movie and compressed files, plus the default iTunes music format file-extention .m4a, as well as gaming files. (MP3 files were not on the list.) Bleeping Computer said once encrypted, files would bear the extension ".ecc."

"Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook)," noted the Bromium report, "but surely most of them have a Steam account with a few games and an iTunes account full of music."

Even worse, said Bleeping Computer, TeslaCrypt then deletes all Windows restore points from the computer, making it impossible for the user to turn back the clock to regain access to encrypted files. The only way to regain access is to restore files from an uninfected backup drive — or to pay the ransom.

How to avoid pwnage

Fortunately, TeslaCrypt infection can be prevented by fully patching Microsoft and Adobe software. Robust antivirus software (the kind you pay for) should also be able to detect the Angler exploit kit's presence on websites.

But those steps won't prevent infection from other kinds of ransomware, some strains of which may use zero-day exploits or other forms of attack against which there is little defense.

In general, recommended Kotov, "keep your files backed on an external hard drive and keep this hard drive unplugged when you go online."

"Be also careful with your DropBox (or other cloud services)," he added. "If you have folders synchronized with an online storage [service], malware will get to them, too."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and gaming. Follow him at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
NFL schedule release: Chiefs to host Ravens in 2024 season opener
Chiefs vs. Ravens on Sept. 5 will be a rematch of last season's AFC Championship Game.
Yahoo Sports
Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?
For rookies who were waived, the climb to their pro dreams is steeper, but the path ahead is well-worn with trail markers of established success.
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Sports
Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?
In one scenario, Dallas makes Prescott the highest paid player in NFL history. In another, the Cowboys decline that commitment, at which point another team will make him the top paid player in NFL history.
Yahoo Finance
Utility stocks are on fire — here are Wall Street analysts' top picks
Utility stocks are outperforming the broader markets. Here's a look at three top picks from analysts.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list
Here's a look at the rookies who have stood out on each team through the first quarter of the 2024 season.
Autoblog
Best used cars to buy in 2024: From trucks and SUVs to EVs
The best used cars to buy in 2024 include small and midsize cars, trucks, crossovers and SUVs, and even a couple of used electric cars.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Sports
Lions reportedly sign QB Jared Goff to 4-year, $212 million extension
The Detroit Lions have had a busy offseason, and that continued on Monday with the reported extension of quarterback Jared Goff.
Yahoo Sports
Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal
Jimmy Dunne cited 'no meaningful progress' being made in negotiations between the PGA Tour and LIV Golf as a reason for his resignation.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
NASCAR to launch 32-driver in-season tournament
No doubt diehard fans will view this as yet another act of desperation by NASCAR to curb its ratings woes.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Nasty Ransomware Holds PC Games Hostage

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

What scouts think of Bronny James' NBA prospects

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

NFL schedule release: Chiefs to host Ravens in 2024 season opener

Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?

The Spin: Making a call on 5 slumping fantasy baseball stars

Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?

Utility stocks are on fire — here are Wall Street analysts' top picks

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list

Best used cars to buy in 2024: From trucks and SUVs to EVs

The best RBs for 2024 fantasy football, according to our experts

Here's 1 big investing mistake you are probably still making

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

Lions reportedly sign QB Jared Goff to 4-year, $212 million extension

Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal

The best budgeting apps for 2024

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

The FDIC change that leaves wealthy bank depositors with less protection

NASCAR to launch 32-driver in-season tournament