New malware ransoms your files, brings up Breaking Bad

There’s terrible news afoot if you don’t have an up-to-date security solution, as a new virus can not only lock your files, it’ll convince you that the people behind Breaking Bad are up to no good.

It seems impossible to escape the constant stream of security issues the online world faces, unless of course you decide to disconnect completely and live in a cave (which you’re unlikely to do).

This week, one such security issue could make you yearn for those cave-like destinations, as a new piece of malware has popped up that not only takes over some of your files and locks them for ransom, but also does so with an image connecting it to “Los Pollos Hermanos”, the chicken franchise and drug-dealing front from the “Breaking Bad” TV show.

Picked up this week by Symantec, it’s called Cryptolocker S and arrives with one of the oldest tricks in the book, a ZIP file. The ZIP in question will appear as if from a mail or courier company, and when opened, will unleash a form of security exploit that will look for Excel files, Word documents, images, music files, text documents, PowerPoint presentations, and more things you probably don’t want held for ransom.

And then it will do exactly that, zipping up some of your files and encrypting the files with a random key that only the makers of the malware will know about.

Unfortunately, once your files are encrypted, the payload has been unleashed, and the final part of the malware kicks in, demanding that you pay a fee of $450 AUD within a specific time frame, which will then hit $1000 if you wait too long.
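The mechanism described above, ordinary document types overwritten with ciphertext under a key only the attackers hold, is something a host-side check can look for. The following is an added example, not code from the article or from Symantec: it validates each file’s leading bytes against the format its extension promises and flags headerless, random-looking bodies, using constructed sample files. The file names, the 7.5-bit entropy and 90% printable thresholds, and the helper names are assumptions.

```python
import math
import os
import random
from collections import Counter

# Leading bytes each format should start with. Compressed formats (.docx, .jpg) are
# high-entropy by nature, so the header, not entropy alone, tells intact from encrypted.
EXPECTED_MAGIC = {
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0",), ".xls": (b"\xd0\xcf\x11\xe0",),
    ".pdf": (b"%PDF",), ".jpg": (b"\xff\xd8\xff",), ".png": (b"\x89PNG",),
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: random or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """True when a file of a known type has lost its header and become random-looking."""
    ext = os.path.splitext(name)[1].lower()
    if ext == ".txt":  # plain text has no magic; it should be mostly printable
        printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
        return bool(data) and printable / len(data) < 0.9
    magics = EXPECTED_MAGIC.get(ext)
    if magics is None:
        return False  # a format we cannot validate; do not guess
    header_ok = any(data.startswith(m) for m in magics)
    return not header_ok and shannon_entropy(data) > 7.5  # thresholds are assumptions

def scan(files: dict, threshold: int = 3) -> tuple:
    """Return suspect file names and whether enough hit to call it mass encryption."""
    suspect = [n for n, d in files.items() if looks_encrypted(n, d)]
    return suspect, len(suspect) >= threshold

def build_samples() -> dict:
    """Constructed samples: intact files beside copies overwritten with random
    bytes, standing in for ciphertext produced under a key only the attacker holds."""
    rng = random.Random(2015)
    return {
        "memo.docx": b"PK\x03\x04" + rng.randbytes(4096),         # intact, compressed
        "holiday_ok.jpg": b"\xff\xd8\xff\xe0" + rng.randbytes(4096),
        "readme.txt": b"Please find the quarterly figures attached.\n" * 40,
        "report.docx": rng.randbytes(4096),                       # "encrypted"
        "budget.xlsx": rng.randbytes(4096),
        "holiday.jpg": rng.randbytes(4096),
        "notes.txt": rng.randbytes(4096),
    }
```

A check like this only tells you encryption has already happened; it does not replace the offline backup that Shaw recommends below.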

To add insult to injury, the malware adds a logo from the “Breaking Bad” TV show to potentially draw a parallel between the criminals on that show and what the creators of this security exploit are doing, even going so far as to include a catchphrase from the programme in the email address: “the one who knocks”.

Once you’re caught out, though, it seems that you have very little chance of breaking the encryption yourself.

“In the majority of cases it is not possible to decrypt the files,” said Symantec’s Mark Shaw, a security expert with the company.

“Cyber-criminals leverage industry standard forms of encryption and may issue the decryption key upon payment although there is no guarantee. Impacted users should recover encrypted files from a recent backup after the infection has been cleaned.”

If you get caught out and your files are locked, the malware will provide instructions on how to provide the ransom.

Not having a backup is likely what the malware creators are betting on, but the better bet is to be proactive about security and make sure that any and every computer you use has an up-to-date form of internet security installed, especially since attacks like this aren’t likely to stop.

“Symantec analysis has shown that both Australia and New Zealand have had a disproportionately larger ratio of ransomware attacks than other countries which may indicate that initial ‘tests’ by the cyber-criminals showed a high infection rate,” Shaw told GadgetGuy, adding that “this is often the precursor to further investment in a carefully crafted spear phishing email campaign to a wider audience.”

So there will likely be more of these coming, and being on guard makes sense. While we suspect that Norton’s own products are being updated with new signatures to defend against this new form of Cryptolocker, other security companies can’t be too far behind, and provided you have something, that something is better than nothing.

As to the “Breaking Bad” imagery, Shaw suggests that the use of that comes from forming a connection with the perpetrators who hide behind that logo on the TV show, telling us that it’s likely “the cyber-criminals have done this from a notoriety perspective and in an effort to align themselves with the gang hiding behind this company entity in the show”.

If you do get infected, don’t blame either of the companies that produced the show, AMC or Sony Pictures, as they have nothing to do with this.

Instead, blame the makers of this malware, and then make sure this never happens to you again with some much needed internet security.