A new strain of ransomware dubber TeslaCrypt was spotted in the wild by the researchers at the security firm Emsisoft. TeslaCrypt was discovered at the end of February, researchers at Bromium that analyzed the malicious code have discovered that it was distributed through a compromised WordPress website set up to redirect visitors to a page hosting the Angler exploit kit.
The landing page was designed to check for the presence of virtualized environment or antivirus software, if the checks don’t reveal them the exploit drops the TeslaCrypt ransomware by exploiting a Flash Player vulnerability (CVE-2015-0311) patched by Adobe in January or an old Internet Explorer vulnerability.
The TeslaCrypt works like any other ransomware by encrypting victim’s files, including photos, videos and documents. The peculiarity TeslaCrypt is that it also searches for files associated with popular video games (i.e. Call of Duty, Diablo, Fallout, Minecraft, Warcraft, F.E.A.R, Assassin’s Creed, Resident Evil, World of Warcraft, League of Legends, and World of Tanks) and encrypt them. The authors of TeslaCrypt have focused their efforts in targeting gaming platform, the ransomware encrypts profile data, saved games, mods, maps, and also the files associated with Steam and game development software (i.e. Unity3D, Unreal Engine, and RPG Maker).
“Gamers may be used to paying to unlock downloadable content in their favorite games, but a new crypto-ransomware variant aims to make gamers pay to unlock what they already own. Data files for more than 20 games can be affected by the threat, increasing what is already a large target for cybercriminals. Another file type that hasn’t been targeted before is iTunes related. But first, let’s have a look at the initial infection.” reads a blog post published by Bromium.
The researchers discovered that the TeslaCrypt ransomware targets a total of 185 file extensions, a number of extensions less than TorrentLocker, but experts highlighted that it targets ‘more file types associated with video games than we have ever seen.‘
“Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminal target new niches. Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music,” continues the post.
The payment procedure is operated through a hidden service in the TOR network, victims told to pay 1.5 Bitcoin (more than $400) or $1,000 through PayPal My Cash Card in order to decrypt their files.
Gaming platforms are a privileged target for cyber criminals, in the past many other criminal crews targeted gamers, the last threat in order of time was a campaign designed to phish the Steam credentials of Counter-Strike.
(Security Affairs – TeslaCrypt , gaming industry)
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.