You know that whenever you download a piece of software you are unfamiliar with, you are at risk of installing some kind of virus which has the ability to look through your files and take personal information. A virus, which can also be referred to as malware, is a piece of software which is specifically designed to disrupt or damage a computer system. Although most of us have anti-virus software in place to protect us, it seems like a new type of virus has been encrypting video game save files which stops gamers playing their games unless the pay a ransom.

The virus, known as Teslacrypt, has apparently been targeting and encrypting files of popular PC games such as Call of Duty, Diablo, Fallout 3, Minecraft, Half-Life 2, World of Warcraft, Day Z, League of Legends, as well as many more. It is believed that the virus contains a key code which unlocks the files only when the victims pay at least $500 (£340) in Bitcoins.

Uncovering the virus
"Your personal files are encrypted" - Cryptolocker

“Your personal files are encrypted” – Cryptolocker

It has been suggested that the virus looks similar to the ‘Cryptolocker’ ransomware which has unfortunately targeted thousands of people in the past, even though analysis of the virus shows to have shared no code with Cryptolocker and appears to have been made by a different cybercrime group.

Vadmin Kotov, a researcher from the security firm ‘Bromium’ said ‘the crypto-ransomware variant has been getting distributed from a compromised website that was redirecting the visitors to the Angler exploit kit by using a Flash clip’.

In his blog, he added ‘at the time of writing this blog, the website was still serving malware. The website is based on WordPress and could have been compromised by any one of the WordPress exploits’.

‘Attackers used an unconventional way of redirecting the users. Instead of a typical iframe (or an iframe dynamically generated by JavaScript), they used a Flash clip wrapped in an invisible <div> tag’.

Couldn’t we just uninstall the game?

If a virus ever appeared on your computer, the first thing you would do is remove any pieces of software which may be carrying the virus, right? While this method seems like the most logical solution, uninstalling a game is a little different and could be a hard decision to make.

‘Files are targeted by extension. Concretely these are user profile data, saved games, maps, mods, etc. Often it’s not possible to restore this kind of data even after re-installing a game via Steam’.

Essentially, games contain files which are written over time, for example, your player data or saved games. If you were to remove those files by uninstalling the piece of software they belong to, then without backups of the files, you would find yourself starting from the very beginning, something you might not want to do, especially if you’ve gotten far in the game or you are on a high level.

What actually happens?

If you are unlucky enough to get the Telsacrypt virus, once your files have been encrypted, the malware opens a new window telling you that you have a few days to retrieve encrypted data. In order to get the data back, you can either pay $500, approximately £340 in Bitcoins, or $1000, approximately £678, in PayPal ‘My Cash’ payment cards. The virus then tells you to send payment details to an address located on the Tor anonymous browsing network.

Can we prevent this?

The encryption system has yet to be cracked, which means if this was to happen to you, you would have to turn to backups to restore any encrypted files.

Our advice to you would be to make regular backups on your files, either via cloud storage, external hard disks, USBs, etc. It’s better to be safe than sorry and we would hate for you to lose all of your hard earned work. Plus, it’s much better than giving money to a cybercrime group.

Have you experienced this kind of virus before? If so, what did you do? We’d love to hear your thoughts and opinions on this topic! Tweet @TechFlyOfficial to let us know what you think, as well as keep up to date on new articles and news that may follow.

About The Author

Editorial Administrator

Dominic Joseph McLaughlin - Web Developer & Editorial Administrator.

Related Posts