The dirty money game
This new ransomware variant attacks more than 50 file extensions associated with video games, in addition to images, documents, iTunes files and more. The game titles in the crosshairs include Call of Duty, Minecraft, Half Life 2, Elder Scrolls, Skyrim, Assassin’s Creed, World of Warcraft, Day Z and League of Legends. Several other Valve and Bethesda games are also affected. Another target is Steam, a popular game client.
Bromium researchers recently discovered an unnamed, WordPress-based website that was actively spreading this ransomware variant. A Flash exploit on the website redirects users to a page hosting an Angler exploit kit, which drops the payload. The malware is well disguised, and the URL on which the Flash file is hosted keeps changing from time to time to avoid detection.
Although the ransomware calls itself “CryptoLocker-V3” and resembles Cryptolocker, its mechanism is very different, and previously effective tools like decryptolocker do not seem to work with this variant. Once the encryption process is complete, users are greeted with a window containing a link to a website that demands payment. Usual payment systems like PayPal, credit card, etc. are available but require a huge ransom of US$ 1000. A bitcoin payment, on the other hand, reduces the ransom amount to US$ 415. Thus, by offering a huge discount, the cyber criminals want to encourage payment in bitcoin as it is untraceable and gives them an easy getaway.
Since most tools designed for Cryptolocker do not work with this variant, prevention is the best form of defense. Malware writers are always busy looking into all possible nooks and crannies to disrupt security and make money, but an up-to-date antivirus and regular backups can ensure that you do not become a part of their dirty game.
Keep those shields up and have a nice (ransomware-free) day!