Hackers Are Using 'Breaking Bad'-Themed Malware To Demand Ransom

The ones who knock want your Bitcoin to unlock your files.

May 11 2015, 3:39pm

Image: Thomson20192/Flickr

Even hackers can be huge Breaking Bad fanboys.

Unidentified cybercriminals are blackmailing people in Australia with a virus that locks data on their computer until the victim pays up to 1,000 Australian dollars, according to security firm Symantec.

The virus demands a ransom payment in Bitcoin using multiple references to the famous TV show Breaking Bad, such as the logo of the show's fried chicken chain Los Pollos Hermanos, or the Walter White quote "I am the one who knocks."

This virus, which Symantec analyzed in a post on Sunday, is another case of what's called ransomware, a type of malware that infects a victim's computer, encrypts its files, and asks for a payment to unlock the files. Ransomware attacks have become more common in the last two years, with various variations such as Reveton, CryptoLocker, and CryptoWall.

In this case, the hackers get victims to open a malicious ZIP file through social engineering or phishing. Symantec didn't provide too many details on how the hackers trick victims, but said that the malicious files contains the name of a "major courier firm," in an attempt to get victims to open it.

At that point, the virus gets installed on the victim's computer and encrypts documents, images, and music files.

Then the victim sees an alert message asking for 450 Australian dollars if the payment is done immediately, or 1,000 Australian dollars if the payment is done a few days later. According to Symanetc, the malware also opens a YouTube video in the background which features a song from Grand Theft Auto V that is believed to be a tribute to Breaking Bad.

To make the ransom payments harder to trace, the hackers demand them made in Bitcoin, and they even included a link to a video tutorial on how to buy and use Bitcoin in case the victim is not familiar with the technology—something that other ransomware authors have done in the past.

"We have tried to simplify this process as much as possible," the hackers wrote in the ransom message.

As cybersecurity expert Graham Cluley noted in a blog post, it's not uncommon for hackers to leave hints or "easter eggs" in their malware. Sometimes, these can reveal too much, such as when Michael Buen, a Filipino hacker, allegedly sent a virus hidden within his resume containing his name, address and phone number.

In this case, however, we only know the hackers love Breaking Bad—just like the rest of us.