Breaking Bad-themed crypto-ransomware reported by Symantec

Symantec security researchers have discovered crypto-ransomware that is styled around the US television series Breaking Bad

Symantec security researchers have discovered new crypto-ransomware that is styled around the Breaking Bad US television series.

The malware, detected as Trojan.Cryptolocker.S, is currently infecting computers in Australia and is designed to encrypt image, video, document and other file types.

The malware then demands the Australian equivalent of £230 to decrypt the files in a message that uses the Los Pollos Hermanos branding image found in the television show.

In addition, part of the email address used in the ransom demand is based on a quote by the show’s protagonist Walter White, who declared "I am the one who knocks".

The demand notice threatens that if the ransom is not paid in a specified time, it will increase to £510.

According to Symantec researchers, the ransomware uses social engineering techniques as a means of infecting victims.

They found that the malware is typically delivered using a malicious zip archive that refers to a major courier firm in the file name.


This zip archive contains a malicious file called Penalty.VBS, which when executed, downloads the crypto-ransomware onto the victim’s computer. The threat also downloads and opens a legitimate .pdf file to trick users into thinking that the initial zip archive was not a malicious file.
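As an added defender-side example (not code from Symantec's report or this article): a Python triage check for the delivery pattern described above, a courier-themed zip attachment carrying a script dropper such as Penalty.VBS. The courier keyword list and the script-extension set are assumptions and should be tuned to local carriers and mail-gateway policy.

```python
import io
import zipfile

# Script-type extensions that have no place in a "parcel notice" attachment (assumed list).
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".bat", ".cmd", ".exe", ".scr"}
# Courier names and delivery words commonly used in lure file names (assumed list).
COURIER_KEYWORDS = ("fedex", "dhl", "ups", "auspost", "toll", "courier", "parcel", "delivery")


def assess_archive(archive_name: str, data: bytes) -> dict:
    """Triage one zip attachment held in memory.

    Reports whether the archive name looks like a courier lure, which entries
    are script files, and whether both hold at once (the pattern in the article).
    """
    lowered = archive_name.lower()
    courier_lure = any(keyword in lowered for keyword in COURIER_KEYWORDS)
    script_entries = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Use the last extension so double extensions such as "Invoice.pdf.vbs" are caught.
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in SCRIPT_EXTENSIONS:
                script_entries.append(name)
    return {
        "courier_lure": courier_lure,
        "script_entries": script_entries,
        "quarantine": courier_lure and bool(script_entries),
    }


def build_sample_zip(entries: dict) -> bytes:
    """Construct a small zip in memory from {name: bytes}; sample input only, no real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed lure: courier-themed archive name containing a VBScript entry (placeholder text).
    sample = build_sample_zip({"Penalty.VBS": b"' placeholder content, not a dropper\r\n"})
    print(assess_archive("AustraliaPost_Parcel_Notice.zip", sample))
```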

The researchers said the malware appears to be using similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto-ransomware.

The malware encrypts files using a random Advanced Encryption Standard key. This key is then encrypted with an RSA public key so that victims can only decrypt their files by obtaining the private key from the attackers.

The ransom demand links to a legitimate video tutorial on how to obtain bitcoins to help victims with paying the ransom. Demanding payment through channels like bitcoin makes it more difficult for law enforcement to trace payments to the cyber criminals behind the ransomware.

However, Symantec advises businesses not to pay the cyber criminals and to seek professional advice instead.

According to Symantec, one of the best enterprise defences against ransomware attacks is using frequent, reliable and tested data backups.
