Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

TeslaCrypt ransomware encrypts also gaming data

TeslaCrypt is a new strain of ransomware, spotted in the wild by experts at Emsisoft, which is also targeting users of principal gaming platforms. A new strain of ransomware dubber TeslaCrypt was spotted in the wild by the researchers at the security firm Emsisoft. TeslaCrypt was discovered at the end of February, researchers at Bromium that analyzed the […]

TeslaCrypt ransomware encrypts also gaming data

TeslaCrypt is a new strain of ransomware, spotted in the wild by experts at Emsisoft, which is also targeting users of principal gaming platforms.

A new strain of ransomware dubber TeslaCrypt was spotted in the wild by the researchers at the security firm Emsisoft. TeslaCrypt was discovered at the end of February, researchers at Bromium that analyzed the malicious code have discovered that it was distributed through a compromised WordPress website set up to redirect visitors to a page hosting the Angler exploit kit.

The landing page was designed to check for the presence of virtualized environment or antivirus software, if the checks don’t reveal them the exploit drops the TeslaCrypt ransomware by exploiting a Flash Player vulnerability (CVE-2015-0311) patched by Adobe in January or an old Internet Explorer vulnerability.

The TeslaCrypt works like any other ransomware by encrypting victim’s files, including photos, videos and documents. The peculiarity TeslaCrypt is that it also searches for files associated with popular video games (i.e. Call of Duty, Diablo, Fallout, Minecraft, Warcraft, F.E.A.R, Assassin’s Creed, Resident Evil, World of Warcraft, League of Legends, and World of Tanks) and encrypt them. The authors of TeslaCrypt have focused their efforts in targeting gaming platform, the ransomware encrypts profile data, saved games, mods, maps, and also the files associated with Steam and game development software (i.e. Unity3D, Unreal Engine, and RPG Maker).

“Gamers may be used to paying to unlock downloadable content in their favorite games, but a new crypto-ransomware variant aims to make gamers pay to unlock what they already own. Data files for more than 20 games can be affected by the threat, increasing what is already a large target for cybercriminals. Another file type that hasn’t been targeted before is iTunes related. But first, let’s have a look at the initial infection.” reads a blog post published by Bromium.

The researchers discovered that the TeslaCrypt ransomware targets a total of 185 file extensions, a number of extensions less than TorrentLocker, but experts highlighted that it targets ‘more file types associated with video games than we have ever seen.

TeslaCrypt achievement_locked

“Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminal target new niches. Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music,” continues the post.

The payment procedure is operated through a hidden service in the TOR network, victims told to pay 1.5 Bitcoin (more than $400) or $1,000 through PayPal My Cash Card in order to decrypt their files.

Gaming platforms are a privileged target for cyber criminals, in the past many other criminal crews targeted gamers, the last threat in order of time was a campaign designed to phish the Steam credentials of Counter-Strike.

Pierluigi Paganini

(Security Affairs –  TeslaCrypt , gaming industry)