Security Games IT

New Crypto-Ransomware Encrypts Video Game Files

An anonymous reader writes: A new piece of ransomware that (mis)uses the Cryptolocker "brand" has been analyzed by Bromium researchers, and they discovered that aside from the usual assortment of file types that ransomware usually targets, this variant also encrypts file types associated with video games and game-related software. It targets files associated with single-user games Call of Duty, StarCraft 2, Diablo, Fallout 3, Minecraft, Half-Life 2, Dragon Age: Origins, The Elder Scrolls and specifically Skyrim-related files, Star Wars: The Knights Of The Old Republic, WarCraft 3, F.E.A.R, Saints Row 2, Metro 2033, Assassin's Creed, S.T.A.L.K.E.R., Resident Evil 4, Bioshock 2; and online games World of Warcraft, Day Z, League of Legends, World of Tanks, and Metin2. Here's the Bromium Labs report.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    Targeting files that can easily be replaced by exactly the same means that they were gotten in the first place doesn't seem like a super brilliant move.

    • by mlts ( 1038732 )

      It doesn't seem like much of a step, but it is an advance for the bad guys.

      As always, even though save game files may not be something people consider as valuable, it is still something that can be lost.

      Ransomware seems like it is just starting to ramp up this year. I would not be surprised to see the next generation of it start checking if the user has any AD rights and attacking entire AD forests. A company that loses access to AD (especially if they use rights management servers) likely will pay a crimi

      • by dbIII ( 701233 )

        The ironic thing is that tape drives are starting to see a resurgence

        Good. It will make things cheaper for those of us that never stopped using them. LTO5 can write faster than a gigabit network can feed the computer it's hooked up to, and LTO6 is apparently even faster.

    • by fuzzyfuzzyfungus ( 1223518 ) on Thursday March 12, 2015 @05:19PM (#49245407) Journal

      Targeting files that can easily be replaced by exactly the same means that they were gotten in the first place doesn't seem like a super brilliant move.

      Also, targeting fanatical TES players makes a visit from the Dark Brotherhood a virtual certainty.

      "Sweet mother, sweet mother, send your child unto me..."

    • by vux984 ( 928602 )

      Targeting files that can easily be replaced by exactly the same means that they were gotten in the first place doesn't seem like a super brilliant move.

      Presumably they'd be targeting the save games.

      Given that PC gamers are by and large usually at least a bit technically savvy, and often very savvy, going after the executables doesn't seem like a winning strategy. You'd catch someone I'm sure... but only a fraction of the audience would even care.

      Then again... only a fraction of the audience is really that invested in their save games. The truly valuable stuff (relatively speaking) is all tied to mmo accounts (and therefore not stored on your PC anyway).

      • Then again... only a fraction of the audience is really that invested in their save games. The truly valuable stuff (relatively speaking) is all tied to mmo accounts (and therefore not stored on your PC anyway).

        Exactly, it would be far more profitable for them to simply steal any saved account credentials.

      • I wonder if Valve will expand the Steam Cloud in response. Steam already warns you on game launch if your savegames don't match what's in the cloud so broken savegames can be recovered as long as you don't sync. The flaw in that is that syncing happens whenever you exit the game so you'd have to force-kill Steam if you notice that everything is corrupt. (Perhaps this only applies if your game actually saved something but some games are very save-happy.)

        If Valve adds a simple versioning system, even if it
    • Don't most of these ransomware things also lock down the machine's network connection for anything else other than paying the ransom?

  • Conspiracy theory (Score:4, Interesting)

    by mattventura ( 1408229 ) on Thursday March 12, 2015 @04:43PM (#49245143) Homepage
    All of these crypto ransomware things are actually a plot to make people associate "encryption" with something bad, so that people will stop using things like encrypted-by-default phones.
  • apparently already blocks this Teslacrypt [twitter.com] variant. Finding niches in the world to exploit becomes a sport it seems, I wonder what the next niche will be. I will be busy asserting my Linux security in the meanwhile.
  • Wheew!!! (Score:5, Funny)

    by tekrat ( 242117 ) on Thursday March 12, 2015 @04:51PM (#49245191) Homepage Journal

    As long as it doesn't affect DOOM. And by that I mean the original, which I'm still playing after 2 decades.

  • by Hey_bob ( 6104 ) on Thursday March 12, 2015 @04:54PM (#49245217) Homepage

    At least I'll be able to keep playing Dwarf Fortress and NetHack for another 10mins, until I die. Again.
    YASD.. fun!

  • by TJ_Phazerhacki ( 520002 ) on Thursday March 12, 2015 @04:56PM (#49245227) Journal
    This sounds like the same sort of thing that has been plaguing 'normal' users for the last 2 years, except now, instead of locking down Word docs and photos, it's killing game save files.

    Betcha their ransom pay rate is way higher with gamers. Smart move, fuckers...

    • Looking at some of the games on the list I think I would pay them not to decrypt the files.

      Maybe play parents and kids off against each other. Keep having each party bid as to whether the son gets to spend his life playing WoW again.

  • So long as they leave Sniper Elite 3 alone, I'm safe.

  • While all the game files download again.
  • It targets files associated with single-user games Call of Duty, Star Craft 2, Diablo, Fallout 3...

    Seriously, Diablo?? WTF, is that a typo and supposed to be Diablo II or 3? Are people still playing single player Diablo? A few years back I installed it in a VM to get some nostalgic gameplay and it was horrible.

    • It could be Diablo 3 files, though that'd be pointless as they could be just downloaded again. The saves for D3 are all kept on Blizzard's servers, this possibly being the only upside for the consumer of their DRM scheme.

      Diablo 1 or 2 could make sense as those allowed for save games on your computer. However that seems rather pointless also as there has been software for decades now to create your own save files with all the equipment you could ever want.

  • Bromium? (Score:2, Troll)

    by DiSKiLLeR ( 17651 )

    Are they a venture backed startup full of bronies?

  • Nobody is going to pay to get their saved game data back. Plus gamers have no money.

    • The demographics for gamers have been changing for a long while now. There is a large portion of that group that probably does lack disposable income to buy back save game files. But there is also a very large grouping that likely has money to ransom their save game files. I work with lots of 25-40 year olds that play video games and make professional white collar wages.

  • So how does the whole per-file random AES key work? Since they're only shipping over the one 'key' parameter, the individual file keys have to be somehow deterministic right?

    • by PRMan ( 959735 )
      If you can guess the exact contents of any 2 files, you should be able to reverse engineer the key. Probably impossible though.
      • by Anonymous Coward

        The AES key used to encrypt the files is randomized per-file, so there shouldn't be any files encrypted with the same key. The AES key is pre-pended to each file encrypted by some flavor of asymmetric encryption (I think RSA but I'm not 100% on that). They download and use the 'public' half of the key on your computer, matching up with the private key on their own servers. You pay the ransom, it sends the private key to your computer and uses it to decrypt the individual AES keys, wham bam thank you sir.

    • So how does the whole per-file random AES key work? Since they're only shipping over the one 'key' parameter, the individual file keys have to be somehow deterministic right?

      Or are all of the keys stored in an encrypted keyring, where the key they give you unlocks all of the keys in the keyring, which then unlocks all of your files?

  • out of all the games listed, that's the only one I actually play!

  • But don't WoW and all MMO games save all character data on the server?
  • by Sycraft-fu ( 314770 ) on Thursday March 12, 2015 @05:47PM (#49245649)

    I mean it isn't like it is an online game where Blizzard stores all your character data, key settings, macros and other stuff on the server! Oh, wait, yes it is.

    Seriously, why would they do WoW? You just run a repair in the Blizzard client, redownload any mods, and you are up and running. They do it so you can easily play on multiple computers.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      WoW has bloated significantly over its lifespan. People with a slower Internet connection will have to wait quite a long time for it to re-download. All while paying Blizzard for access to a service they can't use. Not to mention WoW-addiction. Some might be tempted to pay to speed things up.

  • Gotta give them credit, that's clever.

    Ferret
  • It targets files associated with single-user games Call of Duty, Star Craft 2, Diablo, Fallout 3...

    So this is how Tristram falls...
