Ransomware holds eSports players hostage

Dreaded ransomware, the malware that locks your files and demands payment for the key to unlock them, is now targeting gamers.

In the first report of gamers being targeted by ransomware, more than 20 different games, including World of Warcraft, League of Legends, Call of Duty and StarCraft 2, various EA Sports and Valve games, and Steam gaming software, are on the list. This variant of ransomware looks similar to CryptoLocker, according to a report from a researcher at Bromium Labs.

What is CryptoLocker?

CryptoLocker is “ransomware” malware that encrypts files on a victim’s Windows-based PC. This includes pictures, movie and music files, documents, and certain files, like the gamer’s data files, on local or networked storage media.

A ransom, usually paid via Bitcoin or MoneyPak, is demanded as payment to receive a key that unlocks the encrypted files. In previous cases, the victim has 72 hours to pay a relatively small amount of money, usually in the low hundreds of dollars, but after that the ransom rises into the thousands of dollars. We have seen reports that say the gamers are being asked for a ransom of about $1,000 via PayPal My Cash Cards or 1.5 bitcoins, worth about $430.

“There’s mostly no way to get the data back without paying the ransom and that’s the reason why bad guys focus on this scheme as it generates huge profit,” said Jiri Sejtko, Director of Avast Software’s Virus Lab Operations, last year when ransomware was making the news. “We can expect some rise in ransomware occurrences,” predicted Sejtko. “Malware authors will probably focus on screen-lockers, file-lockers and even on browser-lockers to gain money from victims.”

That prediction came true, and now ransomware authors are targeting narrower audiences.

How do I get infected with CryptoLocker?

Infection could reach you in various ways. The most common is a phishing attack, but it also comes in email attachments and PDF files. In the new case targeting gamers, the Bromium researcher wrote, “This crypto-ransomware variant has been getting distributed from a compromised web site that was redirecting the visitors to the Angler exploit kit by using a Flash clip.” There is a detailed analysis in the report.

How do I protect myself against ransomware?

Ransomware is continuing to evolve, most recently with CryptoWall ransomware and even mobile ransomware called Simplocker. The most effective way to protect yourself is to back up your files and store them on an external hard drive, as the new malware could also attack other drives and even cloud storage like Dropbox.

“Outdated software makes you more vulnerable to ransomware, so keep your system and applications up-to-date, especially Java, PDF Reader, browsers, and Flash,” said Sejtko. The Avast Software Updater feature in all of our products shows you an overview of all your outdated software applications, so you can keep them updated and eliminate any security vulnerabilities.

By all means, avoid paying the ransom. Even if you do – you’re dealing with cybercriminals – how can you trust them to give you the key?

Avast has an Android app called Avast Ransomware Removal that will eliminate the malware from an infected device. Get it free for your Android smartphone and tablet from the Google Play Store.

List of targeted games and software

Single User Games

Call of Duty, StarCraft 2, Diablo, Fallout 3, Minecraft, Half-Life 2, Dragon Age: Origins, The Elder Scrolls and specifically Skyrim-related files, Star Wars: The Knights Of The Old Republic, WarCraft 3, F.E.A.R., Saints Row 2, Metro 2033, Assassin’s Creed, S.T.A.L.K.E.R., Resident Evil 4, and Bioshock 2.

Online games

World of Warcraft, Day Z, League of Legends, World of Tanks, and Metin2.

Gaming Software


Company Specific Files

Various EA Sports, Steam, and Bethesda games

Game Development Software

RPG Maker, Unity3D, and Unreal Engine
