Game Savefiles Targeted by Ransomware

Game Savefiles Targeted by Ransomware

Game Savefiles Targeted by Ransomware

Game Savefiles Targeted by Ransomware


 It seems PC gamers are now being targeted by ransomware, with game savefiles being encrypted with the unlock key being behind a $500 pay wall.  

Victims with infected machines are forced to either start again with a clean OS install and lose all of their files or pay at least $500, which equates to around £380 in Bitcoins to the maker of the virus/ ransomware program. At present the malware is known to target over 40 game titles including Minecraft, World of Warcraft an many others.


Game Savefiles Targeted by Ransomware


This program is similar to Cryptolocker and other ransomeware programs which have grown in popularity over the last number of years with the rise of hard to trace Cryptocurrencies. Apparently this specific malware shares a lot of code with Cryptolocker, but appears to be created by a different cybercrime group.


Game Savefiles Targeted by Ransomware  

This program does infect more than just gamesaves, but it goes to show that these programs are growing to target many more types of PC users, making it more likely for the malware to encrypt valuable and/or irreplaceable files which victims may are forced to pay to get back.

For a more substantial report on this ransomware, please head over to Bromium Labs as they delve much deeper into this issue than this small article. 

As always we advise PC users to be safe when on the internet and be wary of suspicious websites and/or downloads. We also advice everyone to keep constant backups of your personal or valuable files so that if you are affected by any ransomware you can simply do a clean install of your OS and still retain your files.


You can join the discussion on Gamers being targeted by ransomware on the OC3D Forums.


«Prev 1 Next»

Most Recent Comments

16-03-2015, 07:44:30

Ransomware is truly terrible stuff. I have way more respect/less hate for people who make viruses, seems like more of a "joke", although there are obviously just plain malicious things out there. Whereas ransomware is quite clearly just some script kiddy who learned how to set up some encryption via a library/toolkit and then just tries to squeeze as much money out of people as possible,Quote

16-03-2015, 07:44:36

Like all various versions of Ransomware, there are many different versions of Teslacrypt that can be easily modified to target specific file types (or in this case, game files) as its pretty much a toolkit you buy on less than legit sites. Its also reported that its a heavily modded cryptolocker which makes tools that can unencrypt the files useless.

The biggest distributor of it was an unnamed wordpress site that dropped it in via a flash exploit. In my opinion, chances are that you're more likely to get this through a steam message from an infected user (an account on your friend's list messaging you out of the blue going 'LOL look at this *insert fake image site URL here*'). That way the distributor of Teslacrypt can be more efficient as Steam is targeted (oddly not Uplay or Origin..). Obviously as time goes on, it'll be bought and modified countless times.Quote

16-03-2015, 10:14:36

there must be a way to completely block these kinds of virus'sQuote

16-03-2015, 11:46:30

Honestly if my save file was encrypted i would just start overQuote

16-03-2015, 12:50:44

Originally Posted by NeverBackDown View Post
Honestly if my save file was encrypted i would just start over
^^ Given the time it takes to either restart the game (more fun) or reinstall the OS (SSD) it's no real biggie. Still it's a filthy tactic targeting gamers with this. Quote

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.