A new strain of encrypting ransomware that forced PC gamers located in the U.S. to pay up $500 in Bitcoin or $1,000 in PayPal My Cash cards, or permanently lose their user profile data, saved games, maps, mods, etc., is now targeting the Far East. The new file-encrypting ransomware, named Crypt0L0cker by its authors (the letter "o" is written as a zero), is targeting only machines based in European and Asian countries, as well as Australia, as its geographical restriction does not allow it to be installed on systems in the U.S.
Since the CryptoLocker file-encrypting malware was released last year, ransom viruses have become a popular tool among computer hackers as a way to extort money from victims by threatening to delete all their data. According to researchers, the creators of CryptoLocker earned about $3 million over nine months of operation before it was finally shut down in May 2014 after a multi-national law enforcement operation.
Recently, PC gamers located in the U.S. reported that malware named TeslaCrypt can get into computers by attacking the Internet Explorer and Opera web browsers when they are used to visit a compromised WordPress-based website. TeslaCrypt can lock up 185 different kinds of files, such as data related to video games, including Steam, single and multiplayer games, game development software, image, office, movie and compressed files, as well as the default iTunes music format file extension, .m4a.
The crypto-ransomware, which claimed to be a variant of the notorious CryptoLocker ransomware, also deletes all Windows restore points from the computer, making it impossible for the user to go back and regain access to the encrypted files. Similar to other file-encrypting programs, TeslaCrypt demands that the ransom be paid in the Bitcoin cryptocurrency and hosts a page for obtaining the decryption key on the Tor anonymity network. The user is then left with the option of either using an uninfected backup drive to gain access to the files or paying the ransom.
Symantec has now reported a newly discovered variant, Crypt0L0cker, which has been customized for at least two East Asian countries. The malware arrives on the victim's computer through fake emails warning the recipient of traffic violations or claiming to be a notification from the government. The variant changes. The ransomware is coded to communicate in Japanese, Hangul, and Korean, with the default language of the ransom message automatically selected according to the IP address of the victim's computer, and appearing in English in case no default language is chosen. A majority of the attacks are targeting Korea, followed by Malaysia and Japan, with the ransom message demanding 1.8 bitcoins, or about $400, to release the victim's files. The ransomware threat is unlikely to be eliminated anytime soon, and security experts recommend that users create a backup and store copies of important files in a safe place.