Jump to content

Recommended Posts

Posted

Probably everybody has heard of Cryptolocker by now, but in case you haven't, it's a kind of malware which encrypts user created files on a Windows PC and then demands payment in Bitcoins to provide a key to decrypt them. The user is given 72 hours to make payment after which the key is destroyed rendering the files unusable.

A new form of ransomware has now appeared which targets gamers. Games such as Call of Duty, World of Warcraft and similar will be encrypted using AES-256 encryption in the same way that Cryptolocker did. The method of infection uses a Flash banner which redirects users to a malware site which then downloads the rogue program.

At this particular moment in time, the malware only downloads if the user is using either Internet Explorer (all versions), or Opera.

When the original CryptoLocker ransomware first appeared, a method of preventing infection became available called CryptoPrevent. It works by creating a software restriction policy to all the locations on the PC that malware writes to preventing it from installing.

I have the free version of CryptoPrevent installed on my own system and have been using it for a couple of years now. I received a warning popup from it once when I tried to install the Windows version of a chat app called Telegram last year. One of the things which surprised me at the time was that CryptoPrevent revealed that the app wanted to install in the C:\Users\{Username}\AppData\Roaming directory and not in C:\Program Files as would normally be the case. As a precaution before whitelisting it, I created a manual System Restore point which was fortunate because the app didn't work and because it wasn't installed in the default OS location, Windows couldn't uninstall it. Turning the clock back using System Restore got rid of it.

The link above to CryptoPrevent doesn't contain a download link to the free version. But when you run the file, you'll get an opportunity to decide whether you want to upgrade to the Premium version, or continue using the freebie. With the latter, you have to check for updates manually.

But CryptoPrevent also prevents Trojans and other nasties from installing without interfering with other security programs such as Malawarebytes.

Bromium Labs has an in-depth article on the subject of how the ransomeware works to encrypt games which is well worth a read: http://labs.bromium.com/2015/03/12/achievement-locked-new-crypto-ransomware-pwns-video-gamers/

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...