Breaking Bad-Themed Ransomware Takes Hold Down Under

Fans of Breaking Bad may be doing a bit of a double-take at their computer screens today following the discovery of new ransomware themed around the TV show, which deals with the criminal exploits of high school chemistry teacher-turned-meth kingpin Walter White.

Researchers at security firm Symantec say the malware is currently affecting computers across Australia, encrypting images, videos, documents, and more on the compromised computer and demanding up to AU$1,000 (£510 / $791) to decrypt these files.

Heisenberg

Affected users are confronted with a message sporting the branding of Los Pollos Hermanos, a fictional fried chicken shop featured in Breaking Bad.

The demand also features a response email address containing one of the show’s most iconic lines, “I am the one who knocks”.

Victims are then directed to a website teaching them how to obtain Bitcoin, which is the hackers’ preferred method of payment.

The threat also opens another YouTube video in the background. This video is a song used on a fictional radio station in the game Grand Theft Auto V, which some fans believe is a shout-out to Breaking Bad.

Symantec suggests many users are tricked into downloading the malware, which is formed of the latest iteration of the notorious Trojan.Cryptolocker.S, via social engineering.

The first point of infection is a zip archive containing the malicious VBC.Downloader.Trojan, entitled, in this case, PENALTY.VBS. The file decompresses to a non-malicious PDF in order to convince the victim that the unzipping operation was harmless, whereas it has actually unleashed the crypto ransomware upon the unwilling victim.

This particular ransomware set-up appears to use techniques derived from elements of an open-source, white-hat penetration-testing project employing Microsoft PowerShell modules. The attack runs a PowerShell script to complete the encryption process, which uses an Advanced Encryption Standard (AES) key encrypted with an RSA public key. This means that the victim can only unlock their files with a key provided by the cyber-extortionists.
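The delivery described above, a zip archive carrying a script file such as PENALTY.VBS, is something a mail gateway or triage script can check for before a user ever opens the attachment. The following is an added example, not code from the article or from Symantec; the extension list, size limit and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions Windows hands to a script host or runs directly on double-click.
# Assumed list for illustration; tune it to your own mail policy.
RISKY_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
                    ".ps1", ".bat", ".cmd", ".hta", ".scr", ".exe", ".lnk"}
MAX_NESTED_BYTES = 10 * 1024 * 1024  # do not unpack huge nested members

def risky_members(zip_bytes, depth=0, max_depth=2):
    """Return paths of members with a risky extension, following nested zips."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "x.vbs." still runs as .vbs
            name = info.filename.rstrip(". ")
            suffix = PureWindowsPath(name).suffix.lower()
            if suffix in RISKY_EXTENSIONS:
                findings.append(info.filename)
            elif (suffix == ".zip" and depth < max_depth
                  and not info.flag_bits & 0x1          # skip encrypted members
                  and info.file_size <= MAX_NESTED_BYTES):
                inner = risky_members(archive.read(info), depth + 1, max_depth)
                findings += [f"{info.filename}/{m}" for m in inner]
    return findings

def build_sample(members):
    """Build a constructed in-memory zip from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples: harmless placeholder content, only the names matter.
LURE = build_sample({"PENALTY.VBS": b"' placeholder", "readme.txt": b"hi"})
NESTED = build_sample({"docs/inner.zip": build_sample({"invoice.pdf.vbs.": b"x"})})
CLEAN = build_sample({"report.pdf": b"%PDF-1.4"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("nested", NESTED), ("clean", CLEAN)):
        print(label, risky_members(blob))
```

A hit on a script extension inside an archive is a reason to quarantine the message for review; password-protected nested archives are skipped here and would need their own policy.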

Ransomware has proven to be an increasingly unwelcome presence in the cybersecurity industry in recent years. Research released last week by Kaspersky revealed that mobile ransomware had grown 65 percent year on year, with mobile browsers also recorded as accounting for 64 percent of mobile exploits, showing that users need to remain on their guard at all times.

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Comments

  • Time to start making the use of Bitcoin and other untraceable currencies illegal. Either that or they have to come under proper controls as do other currencies.

    By definition untraceable currencies equate to tools for extortion and tax evasion and have no place in a civilised society within the rule of law.
