Gamers Be Warned, Never Download ‘Free AAA’ Games In Peer-To-Peer Networks

Video gaming is a huge industry, in fact much larger than Hollywood when it comes to yearly profits. In aggregate gaming companies earn more compared to movie production studios, as video games have expanded in various platforms. The key to gaming companies having more successful endeavor compared to movie producers is the immersion of their audience to a life-like world. But not everything is good news, whether in gaming or in the movie production. Cybercriminals will always have one goal, ‘follow-the-money’, and there is no other growing industry right now more profitable than gaming, with movie production not far behind.

Players, on the other hand, are composed of people from diverse backgrounds, morality, and culture, that shapes their behavior in acquiring and playing games they wish to immerse with. Players have the money to buy their games, and sometimes to buy their way to success inside the game. This drive of gamers to succeed inside the game world is the strong motivation for cybercriminals to cash-in with the trend, through their old-school malware development efforts.

The latest news about gaming-related malware is the evolution of ransomware, from regular targets to gamers being their new focus. Ransomware infamously entered the consciousness of a common Joe and Jill of computing way back in 2017 with WannaCry ransomware. It was very successful in collecting ransom payments at the expense of its victims who lost their data, to the tune of $4 billion. The cybersecurity market has taken strides to develop countermeasures against ransomware, hence the successors of WannaCry are not as profitable as the former did two years ago.

As the new year 2019 came, Anatova, a new ransomware family publicly appeared. It was developed with stronger encryption capability compared to other ransomware that came before it. Anatova pretends to be something else while waiting for an unsuspecting user looking for ‘free AAA games’ to download it from peer-to-peer networks.

“Anatova has the potential to become very dangerous with its modular architecture which means that new functionalities can easily be added. The malware is written by experienced authors that have embedded enough functionalities to be sure that typical methods to overcome ransomware will be ineffective,” explained Christiaane Beek, a McAffee cybersecurity engineer.

Anatova ransomware variants were detected in computers in the UK, US, France, Belgium, and Germany at the time of this writing. Instead of asking for Bitcoin, Anatova’s encryption engine once successful will ask the user to pay $700 worth of Dash, a minor cryptocurrency, in order to decrypt the files held hostage by the malware. Either a sense of humor or a parody of being a business-oriented person, the virus author through the notice provided to the victim states: “nothing personal, only business.”

The origin of the ransomware is still under investigation by various antimalware vendors, but Anatova seems to make exemptions for computers located in former USSR states, Iraq, India, Egypt, Syria, and Morocco. It has the capability to detect where the infected machine is located and refuse to infect the machines if it is located in either country mentioned.

“It’s quite normal to see the CIS countries being excluded from execution and often an indicator that the authors might be originating from one of these countries. In this case, it was surprising to see the other countries being mentioned. We do not have a clear hypothesis on why these countries, in particular, are excluded,” emphasized Alexandre Mundo, McAfee’s Sr. Malware Analyst.