New Crypto-Ransomware Encrypts Video Game Files
An anonymous reader writes: A new piece of ransomware that (mis)uses the Cryptolocker "brand" has been analyzed by Bromium researchers, and they discovered that aside from the usual assortment of file types that ransomware usually targets, this variant also encrypts file types associated with video games and game-related software. It targets files associated with single-user games Call of Duty, StarCraft 2, Diablo, Fallout 3, Minecraft, Half-Life 2, Dragon Age: Origins, The Elder Scrolls and specifically Skyrim-related files, Star Wars: Knights of the Old Republic, WarCraft 3, F.E.A.R., Saints Row 2, Metro 2033, Assassin's Creed, S.T.A.L.K.E.R., Resident Evil 4, BioShock 2; and online games World of Warcraft, DayZ, League of Legends, World of Tanks, and Metin2. Here's the Bromium Labs report.
All of these crypto ransomware things are actually a plot to make people associate "encryption" with something bad, so that people will stop using things like encrypted-by-default phones.
As long as it doesn't affect DOOM. And by that I mean the original, which I'm still playing after 2 decades.
If telephones are outlawed, then only outlaws will have telephones.
At least I'll be able to keep playing Dwarf Fortress and NetHack for another 10mins, until I die. Again.
YASD... fun!
Betcha their ransom pay rate is way higher with gamers. Smart move, fuckers...
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
Yes, but compared to what EA did to the game, it causes hundreds of dollars in improvement.
It doesn't seem like much of a step, but it is an advance for the bad guys.
As always, even though save game files may not be something people consider as valuable, it is still something that can be lost.
Ransomware seems like it is just starting to ramp up this year. I would not be surprised to see the next generation of it start checking if the user has any AD rights and attack entire AD forests. A company that loses access to AD (especially if they use rights management servers) likely will pay a criminal organization top BTC to get their access back.
The ironic thing is that tape drives are starting to see a resurgence. The market share for tape drives grew 13% in 2013, and 26% in 2014 (as per ExtremeTech). Add Sony's sputtered deposition technology (similar to how some high-end studio microphone elements are made) that offers 185 terabytes per cartridge, and we have a decent tool to combat ransomware.
Of course, the best solution for a small installation is a dedicated backup server that pulls backups (optionally encrypted), and plops data on a disk array as well as tape. Tape isn't perfect, but its advantage is that it is easily stored offline, where physical presence is needed to put a tape in, and cartridges have a read/write switch that is honored, barring a covert reflash of the tape drive's firmware. For larger installations, it is hard to beat WORM media, SPIN/SPOUT encryption on the drives, and silos.
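The pull-model backup design described in the comment above, as an added example that is not part of the thread or of the Bromium report. The backup host reads the client's files (a plain local directory stands in for an SMB or rsync export), writes each run into its own dated snapshot, and hard-links files unchanged since the previous run so keeping history is cheap; because the client never holds credentials for the backup store, malware on the client cannot reach back and delete old snapshots. The change-rate alarm, the threshold values, the `run_demo` scenario and the Skyrim-style file names are assumptions of this example: a run in which most files changed content is what an encryption sweep looks like from the backup side, so that snapshot is kept but flagged and nothing older is pruned.

```python
"""Pull-model snapshot backup with a change-rate alarm (added example)."""
import datetime
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

CHANGE_ALARM_RATIO = 0.5   # assumed: more than half of known files changed -> alarm
KEEP_SNAPSHOTS = 7         # assumed retention depth when no alarm fired


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_manifest(snapshot: Path) -> dict:
    """Manifest written by a previous run: relative path -> sha256."""
    m = snapshot / ".manifest"
    if not m.exists():
        return {}
    out = {}
    for line in m.read_text().splitlines():
        digest, rel = line.split("  ", 1)
        out[rel] = digest
    return out


def latest_snapshot(store: Path):
    snaps = sorted(p for p in store.iterdir() if p.is_dir())
    return snaps[-1] if snaps else None


def prune_old(store: Path, keep: int) -> None:
    snaps = sorted(p for p in store.iterdir() if p.is_dir())
    for old in snaps[:-keep]:
        shutil.rmtree(old)


def pull_snapshot(source: Path, store: Path, stamp: str = None) -> dict:
    """Copy source into store/<stamp>/, hard-linking files whose content is
    unchanged since the previous snapshot. Returns a summary of the run."""
    store.mkdir(parents=True, exist_ok=True)
    prev = latest_snapshot(store)
    prev_manifest = load_manifest(prev) if prev else {}
    stamp = stamp or datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest = store / stamp
    dest.mkdir()
    manifest, linked, copied = {}, 0, 0
    for path in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = str(path.relative_to(source))
        digest = sha256_of(path)
        manifest[rel] = digest
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        if prev is not None and prev_manifest.get(rel) == digest:
            os.link(prev / rel, target)   # identical bytes: share the inode with last run
            linked += 1
        else:
            shutil.copy2(path, target)    # new or changed: fresh copy, old inode untouched
            copied += 1
    (dest / ".manifest").write_text("".join(f"{d}  {r}\n" for r, d in sorted(manifest.items())))
    # Fraction of files known from the previous run whose content changed.
    changed = sum(1 for r, d in prev_manifest.items() if r in manifest and manifest[r] != d)
    ratio = changed / len(prev_manifest) if prev_manifest else 0.0
    alarm = ratio > CHANGE_ALARM_RATIO
    if not alarm:                          # never prune history while a sweep is suspected
        prune_old(store, KEEP_SNAPSHOTS)
    return {"snapshot": dest, "linked": linked, "copied": copied,
            "changed_ratio": ratio, "alarm": alarm}


def run_demo() -> dict:
    """Constructed scenario: run 1 is the first pull, run 2 edits one save file,
    run 3 rewrites every file with junk (how an encryption sweep looks from here)."""
    root = Path(tempfile.mkdtemp(prefix="pullbackup-"))
    src, store = root / "client", root / "store"
    (src / "saves").mkdir(parents=True)
    files = {"saves/skyrim01.ess": b"save-data-1", "saves/skyrim02.ess": b"save-data-2",
             "config.ini": b"[video]\nres=1080p\n"}           # constructed sample files
    for rel, data in files.items():
        (src / rel).write_bytes(data)
    r1 = pull_snapshot(src, store, "run1")
    (src / "saves/skyrim01.ess").write_bytes(b"save-data-1-updated")
    r2 = pull_snapshot(src, store, "run2")
    for rel in files:
        (src / rel).write_bytes(b"ENCRYPTED" + os.urandom(8))
    r3 = pull_snapshot(src, store, "run3")
    intact = (store / "run2" / "saves/skyrim02.ess").read_bytes() == b"save-data-2"
    shared = os.stat(store / "run1" / "config.ini").st_ino == os.stat(store / "run2" / "config.ini").st_ino
    shutil.rmtree(root)
    return {"run1": r1, "run2": r2, "run3": r3, "intact": intact, "shared_inode": shared}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The hard links are what make the tape analogy hold on disk: the backup host only ever creates inodes, never rewrites them, so an encrypted copy pulled on run 3 lands beside the clean run 2 copy rather than replacing it. For a real deployment the source would be a read-only share mounted on the backup host, the store would sit on a filesystem the client cannot reach, and the alarm would page someone before any retention job runs.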
Targeting files that can easily be replaced by exactly the same means that they were gotten in the first place doesn't seem like a super brilliant move.
Also, targeting fanatical TES players makes a visit from the Dark Brotherhood a virtual certainty.
"Sweet mother, sweet mother, send your child unto me..."
Targeting files that can easily be replaced by exactly the same means that they were gotten in the first place doesn't seem like a super brilliant move.
Presumably they'd be targeting the save games.
Given that PC gamers are by and large usually at least a bit technically savvy, and often very savvy, going after the executables doesn't seem like a winning strategy. You'd catch someone I'm sure... but only a fraction of the audience would even care.
Then again... only a fraction of the audience is really that invested in their save games. The truly valuable stuff (relatively speaking) is all tied to mmo accounts (and therefore not stored on your PC anyway).
I mean it isn't like it is an online game where Blizzard stores all your character data, key settings, macros and other stuff on the server! Oh, wait, yes it is.
Seriously, why would they do WoW? You just run a repair in the Blizzard client, redownload any mods, and you are up and running. They do it so you can easily play on multiple computers.
Then again... only a fraction of the audience is really that invested in their save games. The truly valuable stuff (relatively speaking) is all tied to mmo accounts (and therefore not stored on your PC anyway).
Exactly, it would be far more profitable for them to simply steal any saved account credentials.
Looking at the Bromium report, it appears that it's checking for various drivers that VM programs would typically install as part of their guest tools. It looks like if you were to install something as simple as the VMware mouse driver it would think you're in VMware. It also checks for Fiddler, so you could simply install that.