Breaking Bad-themed ransomware targeting users

“A new type of ransomware is targeting Australian users, and its creators have decided to have some fun and express their love for the popular US TV show Breaking Bad while trying to “earn” some money.

Aside from the “Los Pollos Hermanos”-branded ransom message and the email address used in the extortion demand sporting a popular quote by the show’s main character, the ransomware is not very innovative.

It encrypts the usual assortment of file types – images, documents, audio and video files, archive and database files – with a random Advanced Encryption Standard (AES) key, which is then encrypted with an RSA public key.

“The malware arrives through a malicious zip archive, which uses the name of a major courier firm in its file name. This zip archive contains a malicious file called PENALTY.VBS, which when executed, downloads the crypto ransomware onto the victims computer. The threat also downloads and opens a legitimate .pdf file to trick users into thinking that the initial zip archive was not a malicious file,” Symantec researchers shared.

“Based on our initial analysis, the threat appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware.”

The crooks ask for the ransom to be paid in Bitcoin, and instruct victims on how to do this via a legitimate YouTube tutorial.

While the number of users infected by this ransomware is currently low, the malware can be pretty damaging.

The best protection against this type of destructive malicious software is to back up important files regularly.”