Internet users hit with Breaking Bad Theme Crypto-Malware

To demonstrate their creativity cybercriminals have released a new ransomware equipped with file encryption abilities and this time they have chosen logo of “Los Pollos Hermanos” fast food chain featured in famous TV show “Breaking Bad.” 

No matter how much we condemn cybercriminals for their deeds we cannot deny that they have been demonstrating their creative skills rather persistently.

In the latest ransomware with encryption capabilities this is quite evident as cybercriminals have used the theme and logo of popular TV show Breaking Bad.

This crypto-malware was discovered in Australia and regardless of its appealing visuals the focus of this malware is also on business just like Walter White.


It also encrypts data on the compromised computer and demands an initial ransom of 450AUD ($357 / €318).

If the ransom isn’t paid in due time then the attackers increase the fee for decrypting the data to up to 1,000AUD ($790 / €710).

Breaking Bad fans you know it!

Symantec security experts state that this malware, which has been identified as Trojan.Cryptolocker.S, relies upon the AES algorithm for locking the data. It then uses powerful, public-key encryption or RSA for protecting the symmetric key. The private key remains in possession of the attackers only.

The chain of infection starts with a fake email appearing to be from a prominent package delivery firm. This email contains a malicious attachment that the user thinks is an innocuous file but actually, it is a VBScript/Penalty.VBS. It also contains instructions for downloading the malware as well as an Adobe document.

When this PDF file is executed the ransomware instantly gets installed in the background.

This is the payment page of Breaking Bad themed crypto-malware
This is the payment page of Breaking Bad themed crypto-malware

This crypto ransomware comes with following extensions:

ai, .csv, .crt, .db, .doc, .docm, .docx, .dotx, .gif, .jpeg, .jpg, .lnk, .mp3, .msi, .ods, .one, .ost, .p12, .pdf, .pem, .pps, .ppsx, .ppt, .pptx, .psd, .pst, .pub, .rar, .raw, .rtf, .tif, .txt, .vsdx, .wma, .xls, .xlsm, .xlsx, .xml and .zip.

Symantec researchers explained the mechanism:

“Based on our initial analysis, the threat appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware.”

So beware and don’t fall for this Crypto-Malware even if you are a Breaking Bad fan! ;) 

Related Posts