TeslaCrypt is a New Ransomware Program Targeting Gamers
ZDNet.com reported on 13th March, 2015 quoting security researchers of security firm Bromium Labs as “A new variant of infamous CryptoLocker which is dubbed as “TeslaCrypt” has been discovered which targets gamers.”
Security researchers of Bromium have also examined the malware and found that it is spread via a hijacked WordPress website which redirects visitors to a page that hosts the infamous Angler exploit kit. The landing page of Angler is drafted to check-out the existence of any antivirus products and virtual machines after which it installs the ransomware by exploring a Flash Player flaw improved by Adobe in January or an old IE (Internet Explorer) vulnerability.
When the malware infects a system, it informs victims that their videos, photos and documents have been encrypted. Contrasting other ransomware, TeslaCrypt also encrypts files associated with video games including Diablo, Call of Duty, Minecraft, Fallout, Warcraft, Assassin’s Creed, F.E.A.R, Resident Evil, League of Legends, World of Warcraft and World of Tanks.
The ransomware encrypts files linked with Steam and game development like Unreal Engine, Unity3D and RPG Maker along with profile data, mods, saved games and maps. The malware targets 185 file extensions which includes iTunes-related files.
Threatpost.com published a report on 12th March, 2015 quoting Vadim Kotov, a Security Researcher of Bromium, as saying “Cybercriminals have found new niches with the help of progress of crypto-ransomware by encrypting all these games. Many youngsters may not keep any vital documents or source code on their systems (even pictures are normally stored at Tumblr or Facebook) but definitely the majority of them possess a Steam account with a few games and an iTunes account complete with music. Even non gamers may be stressed by these attacks if they lose their personal details.”
The new ransomware program claims to be a variant of CryptoLocker but its creators are most probably reusing that name. Researchers of Bromium confirmed that the similarity between the new sample and the original CryptoLocker binaries is only approximately 8%, which is negligible.
CryptoLocker created the path for the rise of file-encrypting malware. Researchers estimate that creators of this malware earned approximately $3 million within nine months of its operation till the time it was closed down in May 2014 following a multi-national law enforcement operation.
Via SpamFighter