Symantec warns over 'Breaking Bad' ransomware that demands £500 to decrypt
Aussies-only targeted - for the moment...
Ransomware that uses the theme of the popular television series Breaking Bad has been uncovered by security software company Symantec in the wild in Australia.
Labelled Trojan.Cryptolocker.S, the malware encrypts images, videos, documents, and more on the compromised computer and demands up to AU$1,000 (£500) to decrypt the files.
The authors of the malware use the "Los Pollos Hermanos" branding image found in the show, as well as the phrase used by Walter White, the "star" of the show, "I am the one who knocks" in the email address for "support-related inquires". [sic]
Infected users are greeted with the ransom demand: "Your important files have been encrypted: photos, documents, videos, etc. If you want to decrypt your files you must pay the fee of $450 AUD. Failure to pay within the specified time will mean you must pay $1,000 AUD".
Symantec's analysis explains: "This zip archive contains a malicious file called 'PENALTY.VBS' which when executed, downloads the crypto ransomware onto the victim's computer. The threat also downloads and opens a legitimate .pdf file to trick users into thinking that the initial zip archive was not a malicious file.
"Based on our initial analysis, the threat appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware.
"The malware encrypts files using a random Advanced Encryption Standard (AES) key. This key is then encrypted with an RSA public key so that victims can only decrypt their files by obtaining the private key from the attackers."
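The delivery Symantec describes, a zip archive carrying a .vbs downloader, can be caught at a mail gateway by listing archive members before the message is delivered. The Python below is an added example, not code from Symantec or this article; the extension list, depth and size limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed blocklist: script types Windows runs on double-click.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}
MAX_DEPTH = 3                  # assumed limit on nested-archive recursion
MAX_NESTED_BYTES = 20_000_000  # assumed cap on nested archives we unpack


def script_members(data: bytes, depth: int = 0, prefix: str = "") -> list[str]:
    """Return paths of script files inside a zip, descending into nested zips."""
    hits: list[str] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip archive, nothing to list
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.lower().rstrip(". ")
            ext = PurePosixPath(name).suffix  # last suffix: "a.pdf.vbs" -> ".vbs"
            path = prefix + info.filename
            if ext in SCRIPT_EXTS:
                hits.append(path)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and not info.flag_bits & 0x1        # skip encrypted members
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += script_members(zf.read(info), depth + 1, path + "!")
    return hits


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory zip for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: placeholder bytes only, no real malware content.
_INNER = build_zip({"PENALTY.VBS": b"' placeholder"})
SAMPLE_BAD = build_zip({"PENALTY.VBS": b"' placeholder", "notice.pdf": b"%PDF-1.4"})
SAMPLE_NESTED = build_zip({"docs/archive.zip": _INNER, "Invoice.pdf.vbs": b"' placeholder"})
SAMPLE_CLEAN = build_zip({"notice.pdf": b"%PDF-1.4"})

if __name__ == "__main__":
    for label, blob in [("bad", SAMPLE_BAD), ("nested", SAMPLE_NESTED), ("clean", SAMPLE_CLEAN)]:
        print(label, script_members(blob))
```

A gateway would quarantine any attachment for which `script_members` returns a non-empty list; encrypted or oversized nested archives are skipped here and would need a separate policy decision.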