Cryptolocker made headlines last year with its original method of attack. The premise was simple but lethal: once installed onto a computer, all of the users’ files were encrypted with a secure private key and a large ransom was charged in Bitcoins or PayPal transfer. Once this was paid, the files would be unlocked again.
TeslaCrypt works in a very similar way but only impacts PC gamers. Once hijacked, the files for over 20 popular games are encrypted, rendering them unplayable. Then, just like Cryptolocker, payment is demanded from the user before the games are unlocked.
Affected games include Call of Duty, World of Warcraft, Diablo, StarCraft, Assassin’s Creed, Minecraft, DayZ and many others. Even game distribution platform Steam and a couple of game development software packages including Unity3D and Unreal Engine are targeted.
In total, 185 file extensions are encrypted including game saves, maps, mods, replays and all other user content rendering reinstalling the game a futile effort as a player would still have lost all of their progress.
The ransomware is currently distributed by a compromised WordPress site which redirects users to an exploit kit via an embedded Flash file. The malicious program is then downloaded and the users’ games locked.
Efforts are currently underway to decrypt locked files on compromised systems without paying the attackers the stated ransom. Gamers are advised to back up all of their save games onto multiple external drives so that their progress can be recovered if their systems are infected by TeslaCrypt.
