May 14, 2015 By Douglas Bonderud 2 min read

Last week, two new ransomware threats surfaced. SC Magazine reported that one was found by security firm Symantec and the other by a security researcher from cloud services provider Rackspace. Both leverage the same basic idea: Encrypt user data and then demand money to unlock the files without damage. This time, however, the malware creators are hoping to grab bitcoins.

Angling for Cash

According to a post on the InfoSec Community Forums by Rackspace security expert Brad Duncan, the Angler exploit kit is now being used to circulate new variants of the TeslaCrypt and AlphaCrypt ransomware. This new malware uses instructions similar to CTB Locker and demands up to $528 in bitcoins to unlock user files. There’s not much in the way of detail after the infection happens: Users are shown a screen that says, “Hello! All your important files are encrypted,” along with a message indicating the current cost of decryption and a bitcoin address for payment. The malware doesn’t self-reference a specific name or designation, but according to Duncan, it is very similar to CryptoLocker and “appears to be another evolution from this family of ransomware.” Over the last week, older versions of this malware have been replaced by the new variant, which uses the same hash each time but comes with a unique bitcoin address.

Breaking Bitcoins

Meanwhile, Techworld reported that Symantec came across new ransomware that borrows from popular television show “Breaking Bad” as it attempts to extort users. First noticed in Australia, this Trojan campaign uses imagery and quotes from the TV series along with CyptoLocker.S to lock down files and demand up to $800 in bitcoins. The splash screen for this demand is inspired by a fictional restaurant chain in the show, Los Pollos Hermanos, and the payment address uses a line from main character Walter White: “I am the one who knocks.”

According to Symantec, there’s nothing particularly noteworthy about the ransomware aside from its use of TV references. Users can become infected by opening booby-trapped zip files, which open a legitimate PDF when extracted to make it seem as though nothing worrisome has occurred. Then files are encrypted using a random AES key, which is in turn encrypted using a public key. What’s interesting is that the security company would likely have overlooked this variant of ransomware if it weren’t for the “Breaking Bad” theme, which garnered some attention online. Now that companies are aware of the threat, however, its reach and impact are significantly reduced.

Old Hat

Despite new skins and the focus on bitcoin over other forms of payment, these two pieces of ransomware aren’t exactly novel or innovative. In fact, most companies have become largely inured to the worry of an encrypted attack by taking the time to back up critical files either on-site or in the cloud. But the continued recycling of old CryptoLocker code speaks to the effectiveness and simplicity of this threat vector since even the occasional success is worth repeated failure. For users, the message is simple: Ransom-based malware hasn’t gone away, it’s simply out of sight. The trick to staying safe? Don’t open files from strangers, and always know who’s knocking.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today