Breaking Bad themed ransomware caught in the wild
Somewhere Down Under there is a hacker with a penchant for writing ransomware who is also a fan of Breaking Bad.
According to Symantec, a new crypto ransomware threat, Trojan.Cryptolocker.S (T.C.S) has been discovered in the wild that has branded itself with themes from the hit TV show based on a school teacher's journey into the dark world of manufacturing and selling illegal drugs.
The ransomware notice contains a picture of the mobile home turned drugs lab which featured in series one of Breaking Bad and the logo of the chicken restaurant, Los Pollos Hermanos, that acted as a front for the drug-dealing operations of Walter White's arch nemesis.
Apart from its fixation with Breaking Bad, Symantec says there is little to fear from T.C.S which has so far been isolated to a few computers in Australia. It reports that T.C.S is easy to contain and remove.
Like many ransomware attacks, this one appears to arrive by email as a zip archive masquerading as something that the recipient might want to open.
“Based on our initial analysis, the threat appears to be using components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to run their own PowerShell script on the compromised computer to operate the crypto ransomware,” Symantec Security Response wrote in the company's blog.
The malware encrypts files using a random Advanced Encryption Standard (AES) key, with this key then being encrypted with an RSA public key so that the victim can only decrypt his files by obtaining the private key from the attackers.
Payment is demanded via Bitcoin, with helpful links provided to a video tutorial on how to purchase the coins.