Symantec reported on its Security Response Blog a new crypto ransomware threat that uses a Breaking Bad theme to infect computers in Australia.
The malware encrypts documents, photos, videos and other file types on infected computers, then demands up to A$1,000, equivalent to about US$791, for victims to regain access to the files.
The authors designed the ransom message of the malware to use the Los Pollos Hermanos brand that can be found in the popular TV show. Along with the brand, a part of the e-mail address that is being used in the ransom demands is inspired by a quote from Walter White, the protagonist of Breaking Bad, who said "I am the one who knocks."
Symantec believes that the Breaking Bad ransomware relies on social engineering to infect the computers and files of its victims. The malware is packaged within a zip archive that has the name of a certain major courier in the file name. Included in the zip file is a malicious file named Penalty.VBS, and once it is executed, the crypto ransomware is downloaded onto the computer to infect it. Along with the ransomware, the file also downloads and opens a harmless .pdf file to make users think that nothing is wrong.
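A mail-gateway style check for the delivery method described above, as an added example that is not from Symantec or the original article: it lists script files inside a zip attachment, matching extensions case-insensitively and following nested archives. The extension lists, the depth limit and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions run by Windows Script Host or a shell on double-click (assumed blocklist).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}
# Extensions a lure often pretends to be (assumed list, used to spot "name.pdf.vbs").
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
MAX_DEPTH = 3  # stop recursing into nested archives after this many levels


def scan_zip(data, depth=0, prefix=""):
    """Return a list of (member_path, reason) findings for a zip given as bytes."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<archive>", "unreadable archive")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags marks encryption
                findings.append((path, "encrypted member, cannot inspect"))
            elif suffixes and suffixes[-1] in SCRIPT_EXTS:
                double = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                findings.append((path, "script with decoy extension" if double else "script file"))
            elif suffixes and suffixes[-1] == ".zip":
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nesting too deep"))
                else:
                    findings += scan_zip(archive.read(info), depth + 1, path + "!")
    return findings


def build_sample():
    """Constructed sample: a zip holding harmless text files, one named like the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Penalty.VBS", "' constructed placeholder, not real malware\n")
        z.writestr("readme.txt", "hello")
    return buf.getvalue()


if __name__ == "__main__":
    for path, reason in scan_zip(build_sample()):
        print(f"{path}: {reason}")
```

Any finding is a reason to quarantine the attachment, since a courier notice has no legitimate need to ship a script.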
The crypto ransomware, powered by a PowerShell script, then encrypts certain files using a random AES (Advanced Encryption Standard) key. After that, the AES key is encrypted with an RSA public key, so victims cannot decrypt their files unless they acquire the private key from the hackers.
The ransom demand sent by the hackers to their victims contains links to a video tutorial on how to acquire Bitcoins, which seems to be the preferred way for the hackers to get paid. Another video on YouTube is also opened in the background, featuring a song played on a radio station found in the Grand Theft Auto V video game.
Symantec advises users to stay safe against ransomware, with one option being the company's computer protection programs which include detectors to prevent such malware from entering the user's system.
While the malware is sweeping across Australia, the Federal Bureau of Investigation is concerned that similar threats can find their way into the United States.
FBI Special Agent Thomas Grasso said that the virtual currency of Bitcoins is becoming the preferred way for hackers to collect ransoms from their ransomware due to Bitcoins being very difficult to trace.