New 'Breaking Bad' ransomware detected on computers in Australia

Beware! ‘Breaking Bad’ Is Now A Ransom-Styled Malware Currently Infecting Australian Computers

Early reports are beginning to surface about new Breaking Bad-branded malware that is infecting computers in Australia. According to Symantec, the new crypto ransomware threat is called Trojan.Cryptolocker.S and, so far, infects the following systems: Windows 2000, Windows 7, Windows NT, Windows Vista, Windows XP. The Breaking Bad ransomware encrypts images, videos, and documents, then demands a ransom of around AU$1,000 (US$791) to decrypt the corrupted files.

But Why Breaking Bad?

According to Business Spectator, analysts from Norton have revealed Breaking Bad fans are being targeted via social engineering.

“We believe that the crypto-ransomware uses social engineering techniques as a means of infecting victims.”

As you can see from the image below, the Los Pollos Hermanos branding image is used — an image very familiar to Breaking Bad fans. To add insult to injury, the email address used in the ransom demand includes a part of a famous Walter White quote: “I am the one who knocks.”


When a computer is infected with the Breaking Bad malware, the victim is taken to a legitimate Bitcoin video tutorial, in a bid to get the infected party to pay the ransom demand this way. Another YouTube video is also opened, this time of a song featured in the game Grand Theft Auto V, another potential Breaking Bad reference.

According to Norton, the following computer files are targeted by the Breaking Bad malware threat.

  • .ai
  • .crt, .csv
  • .db, .doc, .docm, .docx, .dotx
  • .gif
  • .jpeg, .jpg
  • .lnk
  • .mp3, .msi
  • .ods, .one, .ost
  • .p12, .pdf, .pem, .pps, .ppsx, .ppt, .pptx, .psd, .pst, .pub
  • .rar, .raw, .rtf
  • .tif, .txt
  • .vsdx
  • .wma
  • .xls, .xlsm, .xlsx, .xml
  • .zip
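The extension list above can be turned into a backup-coverage check. The following is an added example, not code from Norton or from the original article: it walks a live directory, picks out files with the targeted extensions, and reports those that have no copy, or only an older copy, in a backup directory. The function names, the directory layout and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Extensions copied from the list above (attributed to Norton on this page).
TARGETED = frozenset("""
.ai .crt .csv .db .doc .docm .docx .dotx .gif .jpeg .jpg .lnk .mp3 .msi
.ods .one .ost .p12 .pdf .pem .pps .ppsx .ppt .pptx .psd .pst .pub .rar
.raw .rtf .tif .txt .vsdx .wma .xls .xlsm .xlsx .xml .zip
""".split())

def targeted_files(root):
    """Yield paths (relative to root) of files whose extension is on the list."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in TARGETED:
                yield os.path.relpath(os.path.join(dirpath, name), root)

def backup_gaps(live_root, backup_root):
    """Return {relative_path: reason} for at-risk files the backup does not cover."""
    gaps = {}
    for rel in targeted_files(live_root):
        live, copy = os.path.join(live_root, rel), os.path.join(backup_root, rel)
        if not os.path.isfile(copy):
            gaps[rel] = "missing"   # never backed up
        elif os.path.getmtime(live) > os.path.getmtime(copy):
            gaps[rel] = "stale"     # changed since the last backup
    return gaps

def demo():
    """Build a small constructed tree and return its backup gaps."""
    # (relative path, mtime in live tree, mtime in backup or None if absent)
    sample = [(os.path.join("docs", "report.DOCX"), 2000, 1000),
              (os.path.join("docs", "keys.pem"), 2000, None),
              ("photo.jpg", 1000, 1000), ("notes.md", 2000, None)]
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        for rel, live_mtime, backup_mtime in sample:
            for root, mtime in ((live, live_mtime), (backup, backup_mtime)):
                if mtime is None:
                    continue
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                open(path, "w").close()
                os.utime(path, (mtime, mtime))
        return backup_gaps(live, backup)

if __name__ == "__main__":
    print(demo())
```

The comparison is by modification time only, so it shows which files a restore would lose or roll back; it does not verify that the backup copies themselves are intact.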

What is Ransomware?

According to Norton, ransomware is defined as follows.

“Ransomware is malware that holds the victim’s computer to ransom, either by restricting access to the computer by locking the desktop or by encrypting the user’s files. The malware then displays a ransom note, often claiming to be from the police, the FBI, or some other type of law enforcement agency. Ransomware can even tell what country you’re in and display a ransom note that looks like it’s from your local police force. The ransom note may claim that the computer was used to look at illegal websites, videos, or images and will try to frighten the victim into paying up by threatening to bring them to court. Victims are often too embarrassed to ask for help because the ransom note may say they were viewing pornographic content.”

Ransomware most often infects a user’s computer after they open links in spam emails. A more comprehensive look at what ransomware is and how you can stay safe from the Breaking Bad malware threat can be found here. The Inquisitr also recently reported a way of manipulating ransomware coding as a way of reclaiming an infected computer.

People who use Norton/Symantec virus protection are safe from the Breaking Bad malware, but it is important to be vigilant and always be careful of clicking on unknown links.

[Image credits: Norton Security/Symantec]