To demonstrate their creativity, cybercriminals have released new ransomware equipped with file-encryption abilities, and this time they have chosen the logo of the “Los Pollos Hermanos” fast-food chain featured in the famous TV show “Breaking Bad.”
No matter how much we condemn cybercriminals for their deeds, we cannot deny that they have been demonstrating their creative skills rather persistently.
The ransomware encrypts data on the compromised computer and demands an initial ransom of 450 AUD ($357 / €318).
If the ransom isn’t paid in due time, the attackers increase the fee for decrypting the data to up to 1,000 AUD ($790 / €710).
Symantec security experts state that this malware, which has been identified as Trojan.Cryptolocker.S, relies on the AES algorithm to lock the data. It then protects the symmetric AES key with powerful RSA public-key encryption. The private key remains in the possession of the attackers only.
The chain of infection starts with a fake email that appears to come from a prominent package delivery firm. This email contains a malicious attachment that the user thinks is an innocuous file, but it is actually a VBScript/Penalty.VBS. It also contains instructions for downloading the malware as well as an Adobe document.
When this PDF file is executed, the ransomware is instantly installed in the background.
This crypto ransomware targets files with the following extensions:
.ai, .csv, .crt, .db, .doc, .docm, .docx, .dotx, .gif, .jpeg, .jpg, .lnk, .mp3, .msi, .ods, .one, .ost, .p12, .pdf, .pem, .pps, .ppsx, .ppt, .pptx, .psd, .pst, .pub, .rar, .raw, .rtf, .tif, .txt, .vsdx, .wma, .xls, .xlsm, .xlsx, .xml and .zip.
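For defenders, the extension list above can drive a simple behavioural check: one process rewriting many files of several listed types within seconds is worth an alert. The sketch below is an added example, not code from Symantec or from the article; the event format, the function name `flag_bulk_writers`, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Extensions taken from the list in the article.
TARGETED = {"." + e for e in (
    "ai csv crt db doc docm docx dotx gif jpeg jpg lnk mp3 msi ods one ost "
    "p12 pdf pem pps ppsx ppt pptx psd pst pub rar raw rtf tif txt vsdx wma "
    "xls xlsm xlsx xml zip").split()}

def flag_bulk_writers(events, window=10.0, min_files=5, min_exts=3):
    """Flag processes that write many distinct targeted files in a short window.

    events: time-ordered (timestamp_seconds, process_name, path) write records
            (an assumed format; map your EDR or audit log fields onto it).
    Returns {process_name: timestamp at which the thresholds were first met}.
    """
    recent = defaultdict(deque)  # process -> (ts, path, ext) inside the window
    flagged = {}
    for ts, proc, path in events:
        ext = PureWindowsPath(path).suffix.lower()
        if ext not in TARGETED or proc in flagged:
            continue
        q = recent[proc]
        q.append((ts, path.lower(), ext))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        files = {p for _, p, _ in q}
        exts = {e for _, _, e in q}
        # Require both volume and variety: editors rewrite one file type,
        # bulk encryption touches many types at once.
        if len(files) >= min_files and len(exts) >= min_exts:
            flagged[proc] = ts
    return flagged

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    (0.0, "winword.exe", r"C:\Users\a\Documents\report.docx"),
    (1.0, "powershell.exe", r"C:\Users\a\Documents\budget.xlsx"),
    (1.2, "powershell.exe", r"C:\Users\a\Documents\notes.txt"),
    (1.5, "powershell.exe", r"C:\Users\a\Pictures\cat.JPG"),
    (2.0, "powershell.exe", r"C:\Users\a\Documents\plan.pdf"),
    (2.4, "powershell.exe", r"C:\Users\a\Documents\keys.pem"),
    (30.0, "winword.exe", r"C:\Users\a\Documents\report.docx"),
    (95.0, "backup.exe", r"C:\Users\a\Documents\a.zip"),
]

if __name__ == "__main__":
    print(flag_bulk_writers(SAMPLE_EVENTS))
```

Legitimate backup and sync tools will also trip this heuristic, so the thresholds need tuning and an allowlist in practice.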
Symantec researchers explained the mechanism:
“Based on our initial analysis, the threat [the malware downloader] appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware.”
So beware and don’t fall for this Crypto-Malware even if you are a Breaking Bad fan! ;)