Breaking Bad Ransomware Hits Aussie PC Users

Security researchers are warning PC users in Australia to beware of new Breaking Bad-themed ransomware demanding up to $1000 AUD ($796 USD) to decrypt essential computer files.

The attacks typically arrive in the form of a malicious zip archive which takes the name of a famous delivery firm as its file name, according to Symantec.

The AV giant continued in a blog post:

“This zip archive contains a malicious file called ‘PENALTY.VBS’ (VBS.Downloader.Trojan) which when executed, downloads the crypto ransomware onto the victim’s computer. The threat also downloads and opens a legitimate .pdf file to trick users into thinking that the initial zip archive was not a malicious file.

Based on our initial analysis, the threat appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware.”

The ransom demand message that flashes up to victims uses the Los Pollos Hermanos brand, as seen in Breaking Bad – demanding they pay $450 within a specified time or else the charge will rise to $1000.

The email provided for “support-related enquiries” also references lead character Walter White’s description of himself in season four as “the one who knocks.”

The victim’s images, videos, documents and other important files are encrypted using a random AES key, which is in turn encrypted with an RSA public key. Victims therefore need the corresponding private key, held by the attackers, to get their files back.

Also included is a handy video tutorial on how to buy bitcoins – in order to help victims pay the ransom.

Symantec said its customers were protected from Trojan.Cryptolocker.S and referred worried netizens to its dedicated blog on ransomware.

Cyber-criminals are increasingly turning to ransomware as an easy way to make a fast buck – sometimes with tragic results.

In January it was reported that a 17-year-old student from Windsor committed suicide after receiving messages that he’d visited illegal sites and that indecent images had been found on his computer.
