New Ransomware Alert! TeslaCrypt is After Your Game Files

  • 1

The ransomware menace is becoming a sore of the Internet. Just last month, we had released an extensive blog post about the alarming growth in ransomware attacks across the world. There are around 12 families of ransomware detected in the wild as of now. And joining the gang is a new member called TeslaCrypt.


What is Ransomware?
Ransomware is a sophisticated malicious program that takes control (hijacks) of the infected computer or its data, and demands money (ransom) from its victim. Ransomware is broadly classified into two types:

1. The first type is an Ecryptor. This ransomware encrypts (converts information into a code) the infected computer’s data including images, videos, documents, presentations, and spreadsheets. It demands a ransom to decrypt the files.

2. The second type is a Screen Locker. As the name suggests, this program freezes or locks up the victim’s computer, and makes it nonfunctional, until a ransom is paid.

What is TeslaCrypt?
TeslaCrypt is a new ransomware in the town. It works in a similar way as other encrypting ransomware. Once inside the system, it starts looking for data including images, docs, spreadsheets, PowerPoint presentations, etc. However, unlike the others, it also seeks out saved game files (replays, maps, configurations, etc.) in the infected computer. Having found the files, the malware starts converting them into an encrypted form which can be only accessible by a user who has a private key to it. And to get this key, the victim has to pay a ransom of 1.5 Bitcoins (about $373.92).


Who are the Primary Targets?
1. Users of MS Windows
2. PC Gamers

What Games are being targeted by TeslaCrypt?
Presently, the following games are known to have been targeted by this ransomware:

• Call of Duty • RPG Maker
• World of Warcraft • League of Legends
• DayZ • Dragon Age
• Minecraft • StarCraft
• Fallout and Diablo • World of Tanks
• Bethesda Softworks File • F.E.A.R. 2
• Steam NCF Valve Pack • EA Sports
• Unreal 3 • Unity Scene
• Assassin’s Creed • Skyrim animation
• Bioshock 2 • DayZ profile file
• RPG Maker VX RGSS • Unreal Engine 3 Game File
• S.T.A.L.K.E.R. • Dragon Age Origins

How Can TeslaCrypt Infect your Computer?
TeslaCrypt mostly spreads via spam emails where it may be hidden in the form of a downloadable attachment. Such emails also contain links to malicious websites, visiting which may download the ransomware automatically on the user’s machine.

Files Infected by TeslaCrypt

Files with following extension get encrypted by TeslaCrypt.

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, .allet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt,

Steps to Stay Away from Ransomware
1. Never download attachments or click on links in emails received from unwanted or unexpected sources, even if the source looks familiar.
2. Don’t respond to pop-up notifications or alerts while visiting unfamiliar websites.
3. Apply all recommended security updates to your OS, software, and Internet browsers, if not already.
4. Have a security software installed in your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites.

Regular data backup is the only way you can recover from a ransomware attack. Once TeslaCrypt encrypts your files, there is no way that you can decode them without buying the private key. And paying crooks is something we and even the law enforcement do not recommend.

So, take regular backups of all the important files you have on your computer. We recommend you to begin the backup procedure offline and not when you are connected to the Internet. This is because, ransomware also target files in external storage drives. And once you are done, disconnect the backup drive.

What to do if your Computer is Infected with TeslaCrypt?
1. Disconnect your system from the Internet.
2. Disconnect any external storage devices connected to your computer.
3. Run a virus scan on your computer.
4. Get help from a local computer expert to ensure that the infection is gone. Thereafter, you can restore your files from your backup. Running a System Restore may also help.

How can Quick Heal help?
Quick Heal helps prevent ransomware infections with its real-time Email Security that blocks spam, infected and malicious emails. Its Web Security feature automatically blocks infected and malicious websites. Also, Quick Heal detects TeslaCrypt as Ransom.Tescrypt.A4 and proactively blocks the infection.

subscribe to blog button

Rajiv Singha

Rajiv Singha


Your email address will not be published.


  1. Avatar Ashish RaneMarch 27, 2015 at 3:32 PM

    Thanks Rajib for the important info. God bless.

  2. quick heal version 16.00(,can detect the TeslaCrypt?

  3. Thanks Rajib for informing about new virus

  4. Avatar SUNDARAM BALAMarch 27, 2015 at 5:25 PM

    Thanks for the News.

  5. Great work rajib

  6. Thanx a ton , that’s why I subscribed to Quick Heal since its inception . Gr8 job .

  7. Avatar VIJAY BABANRAO WAGHMarch 27, 2015 at 6:46 PM

    Thanks. This was an excellent and timely Alert from Quick Heal.


  8. Avatar rahmatullahMarch 27, 2015 at 7:23 PM

    thaks for information

  9. i already have quick heal installed. do i still need to be scared about the teslacrypt???

    • Rahul Thadani Rahul ThadaniMarch 30, 2015 at 10:28 AM

      Hi Rhea,

      Quick Heal detects TeslaCrypt on the machine so you do not have to worry about this threat.


  10. thanks for the use full information.

  11. Avatar Vimal KrishnanMarch 28, 2015 at 12:10 AM

    Thanks Rajib god bless

  12. Avatar Debdarpan khanMarch 28, 2015 at 12:16 AM

    Hello Rajib,
    I have 2 computers.
    One has “Quick Heal Total Security 2012” version 13.00(, license valid till 27 Jan 2017.
    The other one has “quickheal internet security” version 16.00(, license valid till 07 May 2016.
    Can theyt prevent “TeslaCrypt” from infecting the computers
    with regards
    Debdarpan Khan

    • Rahul Thadani Rahul ThadaniMarch 30, 2015 at 10:30 AM

      Hi Debdarpan,

      Quick Heal detects the TeslaCrypt ransomware so you do not need to worry about this infecting your machines.


  13. Thanks rajib you guys are awesome

  14. Avatar rahul maskeMarch 28, 2015 at 11:23 AM

    i have deleted this malware to detected to my computer

  15. Avatar ABHIMANYU KUMARMarch 28, 2015 at 11:35 AM


  16. Avatar RUBI KUMARIMarch 28, 2015 at 11:37 AM


  17. Avatar prashil moonMarch 28, 2015 at 2:13 PM

    Quick Heal’s Behaviour Detection System also pro-actively detects malicious activity for the TeslaCrypt…

  18. Avatar Sk AbdullaMarch 28, 2015 at 2:28 PM


  19. Avatar Mukesh PrasadMarch 28, 2015 at 7:36 PM

    Thank you Rajib for the valuable information

  20. Avatar bharat namdeoMarch 28, 2015 at 8:19 PM

    we are quckheel user our end date is please three user quckheel discount rate and payment prosess send me

    bharat namdeo
    jabalpur MP india

    • Rahul Thadani Rahul ThadaniMarch 30, 2015 at 10:23 AM

      Hi Bharat,

      In order to renew your Quick Heal product, you will need to do so via the renew option once you open your Quick Heal product dashboard. If you need help to do this, please contact our support team on 0-927-22-33-000.


  21. thank you for this important information about this
    new virus.

  22. Avatar Saumik RoyMarch 29, 2015 at 1:09 AM

    I JUST WANT TO ASK ONE THING…. does quick heal internet security or quick heal total seucity code works in google play’s quick heal paid….. cause which i mentioned is easily available in market for buying….. oh antivirus code is also available…so will that work too….

    • Rahul Thadani Rahul ThadaniMarch 30, 2015 at 10:25 AM

      Hi Saumik,

      No the product key for Total Security or Internet Security does not work on the mobile product over Google Play. The product key for that needs to be purchased separately.


  23. Avatar chander vermaMarch 29, 2015 at 7:07 AM

    when i got problems to use my laptop to access my web site then i purchase quickheal then i got complete solution and i am satisfied now

  24. Avatar shashikant DhikaleMarch 29, 2015 at 11:18 AM

    Thanks for information

  25. Thanks for the info! Sounds very scary though!

  26. Hey Rajib!! I have lot of games in my PC or you can say I’m a Gamer. So, can you tell me what Tesla Crypt do? How does it asks Ransom and how does it affects one computer? Does it infects One’s PC by Internet or Virus?


    • Rajiv Singha Rajiv SinghaApril 1, 2015 at 10:39 AM

      Hi Ayush,

      As mentioned in the post, TeslaCrypt spreads via spam emails. Once it gains entry into the targeted system, it starts looking for saved game files. Thereafter, the virus begins encrypting these files. It then displays a message, as shown in the post, wherein, it asks for a payment in Bitcoins.


  27. Avatar bappa ghoshMarch 29, 2015 at 6:23 PM

    my quickheal not updatet.

  28. Hacking tools and patch files are regarded as virus by Quick heal. What can i do thank you

    • Rahul Thadani Rahul ThadaniMarch 30, 2015 at 10:16 AM

      Hi Putta,

      Kindly share some more information about these tools and files that you are referring to. This will allow us to help you better.


    • Hi what is hacking tools and patch file,i have installed tablet security but not satisfied this software dont have couple of features compared to total security and i am worried,Mr Rajib Sir will my quickheal tablet security software is enough powerful software and will it save my device from teslacrypt or ransomwares,adwar or malware in the future and please discuss in next discussion on this topics on what are the ways and how many numbers of options do any kind of viruses have for entering in our android devices without users knowledge and one more question for you Rajib Sir gamers are also on target but how secured are games for android on googleplay store do google scan all the new developer new games before recommending the games to google users in their games option on googleplay store after reading all these things i even stopped downloading games from google play store when i have already installed quickheal tablet security Rajib Sir i like playing games from google play store but if some games contains some kind of virus will my quickheal tablet security will detect it immediately within seconds of time and secured my device from any infections because i have some worst experiences of viruses when i installed few games from googleplay store that time i was using avast free antivirus on small tablet which is unfortunately now a unuseable corrupted os android device

      • Rajiv Singha Rajiv SinghaApril 2, 2015 at 10:20 AM

        Hi Girish,

        As mentioned in the post, presently TeslaCrypt is only known to target the Windows platform (PCs) and not Android. Yes, Quick Heal Tablet Security protects your device from all types of malware designed to target Android users.


  29. Avatar sunil rathoreMarch 30, 2015 at 7:32 PM

    its btr thn other al…

  30. Avatar Krishnasish SarkarMarch 30, 2015 at 10:30 PM

    Do Quickheal v15.00 detect this ransomeware teslascrypt?

  31. Avatar Manas Ranjan GhoshApril 1, 2015 at 10:28 AM


  32. Hi Rajib Sir In case i finished my internet limit and i dont have internet for few hours but i had already installed few apps from googleplay store during which if i full scan my device using myquickheal tablet security software to detect any virus in my installed application will my quickheal tablet security will detect any virus in that installed apps from googleplay because i have no idea on how this software works without internet conection is it very necessary that there must be internet connection for scanning the device or my tablet security can be effective enough to detect any virus in installed apps including games from google play without internet conection for couple of hours and will my software repair or uninstall apps quickly without internet connection if some virus is detectd.Thankyou

    • Rajiv Singha Rajiv SinghaApril 8, 2015 at 10:57 AM

      Hi Girish,

      Internet connection is necessary to receive security updates. But while you are installing any app, Quick Heal monitors it in real-time. If the app is malicious, Quick Heal will block it or warn you about the same. So, if this has not been the case, it means your installed apps are fine.