The types of games are selective, and not most of the popular ones. It targets files associated with single users games Call of Duty, Star Craft 2, Diablo, Fallout 3, Minecraft, Half-Life 2, Dragon Age: Origins, The Elder Scrolls and specifically Skyrim related files, Star Wars: The Knights Of The Old Republic, WarCraft 3, F.E.A.R, Saint Rows 2, Metro 2033, Assassin's Creed, S.T.A.L.K.E.R., Resident Evil 4, Bioshock 2; and online games World of Warcraft, Day Z, League of Legends, World of Tanks, and Metin2.
It encrypts company specific files for various EA Sports, Valve and Bethesda games, files associated with the Steam gaming platform, and those of game development software such as RPG Maker, Unity3D, and Unreal Engine.
The ransomware also encrypts iTunes-related files, which means that finally users will not have access to that U2 malware that Apple installed. Still it also means that Apple users can't listen to their Coldplay collections on repeat.
Vadim Kotov, Senior Security Researcher at Bromium who discovered the ransomeware said that encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminal target new niches.
"Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music. Even professional adults may be frustrated by these attacks if they lose their games along with the rest of their personal data."
The malware itself might look like Cryptolocker at first - it uses a similar visual identity - but when their code is compared, less then ten percent is the same.