A new strain of encrypting ransomware is forcing PC gamers to face a
real-life invader that could permanently cost them their saved games.
TeslaCrypt gets into computers through compromised websites and locks up 185
different kinds of files, including data related to Call of Duty, World of
Warcraft, BioShock, Assassin's Creed, StarCraft, Diablo, the Elder Scrolls,
League of Legends, the Steam game-distribution software and the Unity and Unreal
Engine graphics engines, among others.
Victims are asked to pay $500 in Bitcoin or $1,000 in PayPal My Cash
cards, the latter of which entails more exposure risk for the criminals behind
this scheme.
Breaching the perimeter
The malware attacks Internet Explorer and Opera Web browsers that land on a
compromised WordPress-based website, said Vadim Kotov of Cupertino,
California-based enterprise-security firm Bromium in a report yesterday (March
12) titled "Achievement Locked: New Crypto-Ransomware Pwns Video Gamers." (The
report didn't name the compromised site, but said its operator had been
notified.)
A Feb. 27 post on the Bleeping Computer website, which dubbed the malware
TeslaCrypt, gave credit for the discovery of the ransomware to Fabian Wosar of
Austrian computer-security firm Emsisoft.
Bromium noted that a malicious Adobe Flash Player movie on the compromised
site leads to a malicious website, then to another malicious website, and
finally to the Angler exploit kit, a bundle of malware that launches one attack
after another at visiting Web browsers in the hope that one succeeds.
Angler performs two checks: one to see whether the visiting browser is
running on a virtual machine (a software "computer" within a computer often used
by antivirus researchers), the other to detect certain antivirus products
running on the visiting browser's computer.
If it finds nothing, then Angler launches attacks on a recent Adobe Flash
Player flaw and an older Internet Explorer flaw. (The former was patched by
Adobe in January, the latter by Microsoft in 2013, but plenty of people never
update their software.)
Insider threat
If Angler successfully puts TeslaCrypt on the visiting machine, the
ransomware methodically encrypts each instance of 185 different kinds of files,
Bromium said, including image, office, movie and compressed files, plus the
default iTunes music format, file extension .m4a, as well as gaming files. (MP3
files were not on the list.) Bleeping Computer said once encrypted, files would
bear the extension ".ecc."
"Many young adults may not have any crucial documents or source code on their
machine (even photographs are usually stored at Tumblr or Facebook)," noted the
Bromium report, "but surely most of them have a Steam account with a few games
and an iTunes account full of music."
Even worse, said Bleeping Computer, TeslaCrypt then deletes all Windows
restore points from the computer, making it impossible for the user to turn back
the clock to regain access to encrypted files. The only way to regain access is
to restore files from an uninfected backup drive — or to pay the ransom.
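The two on-disk symptoms described above, files that now carry the ".ecc" extension and the loss of any local means of rolling back, are the kind of thing an incident responder wants to confirm quickly on a suspect machine. The following scanner is an added example written for this article, not code from Bromium, Bleeping Computer or the malware itself. It assumes the ".ecc" suffix is appended to the original file name (so "save.sav" becomes "save.sav.ecc"); that layout, the sample file tree it builds in a temporary directory, and the 20% alert threshold are all constructed assumptions for the demonstration.

```python
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: TeslaCrypt appends ".ecc" to the original name rather than
# replacing the original extension. The page only says files "bear" .ecc.
ENCRYPTED_SUFFIX = ".ecc"


def scan_for_ecc(root):
    """Walk `root` and collect files carrying the ransomware suffix.

    Returns (encrypted_count, total_files, Counter of original extensions,
    list of encrypted paths). The original extension is recovered from the
    name that precedes ".ecc", which lets a responder see which data classes
    (office, image, game save, music) were hit.
    """
    hits = []
    originals = Counter()
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                stem = name[: -len(ENCRYPTED_SUFFIX)]
                orig_ext = os.path.splitext(stem)[1].lower() or "(none)"
                originals[orig_ext] += 1
                hits.append(os.path.join(dirpath, name))
    return len(hits), total, originals, hits


def assess(root, threshold=0.2):
    """Summarise a scan and decide whether the tree looks ransomware-hit.

    `threshold` (an assumption for this example) is the fraction of files
    that must carry the suffix before the tree is flagged; a single stray
    .ecc file in a download folder should not trigger an incident.
    """
    encrypted, total, originals, hits = scan_for_ecc(root)
    ratio = encrypted / total if total else 0.0
    return {
        "encrypted": encrypted,
        "total": total,
        "ratio": ratio,
        "by_original_ext": dict(originals),
        "flagged": ratio >= threshold,
        "paths": hits,
    }


def build_sample_tree():
    """Create a constructed victim-like directory tree in a temp dir.

    The layout and contents are invented for this demonstration; the mix
    mirrors the categories the article lists (office, image, game save,
    iTunes .m4a) and one category it says was spared (.mp3).
    """
    root = tempfile.mkdtemp(prefix="ecc_scan_demo_")
    sample = {
        "Documents/report.docx.ecc": b"\x00" * 32,   # office document
        "Pictures/holiday.jpg.ecc": b"\x00" * 32,    # image
        "Saves/quick.ess.ecc": b"\x00" * 32,         # game save
        "Music/song.m4a.ecc": b"\x00" * 32,          # iTunes default format
        "Music/track.mp3": b"ID3" + b"\x00" * 29,    # MP3 was not targeted
        "Program Files/app.exe": b"MZ" + b"\x00" * 30,
    }
    for rel, data in sample.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


def cleanup(root):
    """Remove the constructed sample tree."""
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    demo_root = build_sample_tree()
    try:
        result = assess(demo_root)
        print(f"{result['encrypted']}/{result['total']} files carry "
              f"{ENCRYPTED_SUFFIX} ({result['ratio']:.0%})")
        for ext, count in sorted(result["by_original_ext"].items()):
            print(f"  {ext}: {count}")
        print("FLAGGED" if result["flagged"] else "clean")
    finally:
        cleanup(demo_root)
```

Point the scanner at a user profile or a mounted image of the suspect disk rather than the whole system drive; system directories dilute the ratio, and the per-extension breakdown is the useful output, since it tells you which of the targeted categories the victim actually had on disk. Restore-point deletion leaves no file for this script to find, so check the Windows restore-point state separately once the scan has confirmed the infection.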
How to avoid pwnage
Fortunately, TeslaCrypt infection can be prevented by fully patching
Microsoft and Adobe software. Robust antivirus software (the kind you pay for)
should also be able to detect the Angler exploit kit's presence on websites.
But those steps won't prevent infection from other kinds of ransomware, some
strains of which may use zero-day exploits or other forms of attack against
which there is little defense.
In general, recommended Kotov, "keep your files backed up on an external hard
drive and keep this hard drive unplugged when you go online."
"Be also careful with your DropBox (or other cloud services)," he added. "If
you have folders synchronized with an online storage [service], malware will get
to them, too."