Skip to content ↓ | Skip to navigation ↓

A security firm has observed that a new type of crypto ransomware whose theme is styled around the popular television series Breaking Bad is targeting Australian computers.

In a post published on its Security Response blog, Symantec discusses how the ransomware incorporates several elements from Breaking Bad, which premiered in 2008 and aired its series finale in 2013.

“The malware authors cooked up their ransom demand message using the ‘Los Pollos Hermanos’ branding image found in the show,” Symantec explains.

“Along with this, part of the email address used in the extortion demand is based on a quote by the show’s protagonist Walter White, who declared “I am the one who knocks.”

breaking bad

Symantec goes on to explain that a malicious zip archive that uses a major courier’s name in its file name delivers the crypto ransomware by executing a malicious file ‘PENALTY.VBS.’

Upon successful infection, the ransomware opens a legitimate PDF file, which is designed to assuage users’ fears that they might have downloaded something malicious.

However, it ultimately opens a Bitcoin tutorial video that instructs users how to purchase Bitcoins, which they are encouraged to use to complete the malware’s ransom payment.

The crypto-ransomware encrypts videos, images, documents, and additional files stored on a victim’s computer using a randomly generated Advanced Encryption Standard (AES) key, which is then encrypted using an RSA public key. The malware generally demands AU $1,000.00 to decrypt all affected files.

Also opened shortly following infection is a YouTube video that features a song from the popular video game Grand Theft Auto V, which is thought to contain another reference to Breaking Bad.

The threat uses components or similar techniques to an open-source penetration-testing project, which uses Microsoft PowerShell modules. This allows the attackers to operate the ransomware.

Users who are affected by any form of crypto ransomware are encouraged to not pay the ransom, as doing so carries no guarantee that the attackers will decrypt their files.

To learn more about ransomware, including how to protect your computer from this type of malware, please click here.