May 14, 2015 By Douglas Bonderud 2 min read

Last week, two new ransomware threats surfaced. SC Magazine reported that one was found by security firm Symantec and the other by a security researcher from cloud services provider Rackspace. Both leverage the same basic idea: Encrypt user data and then demand money to unlock the files without damage. This time, however, the malware creators are hoping to grab bitcoins.

Angling for Cash

According to a post on the InfoSec Community Forums by Rackspace security expert Brad Duncan, the Angler exploit kit is now being used to circulate new variants of the TeslaCrypt and AlphaCrypt ransomware. This new malware uses instructions similar to CTB Locker and demands up to $528 in bitcoins to unlock user files. There’s not much in the way of detail after the infection happens: Users are shown a screen that says, “Hello! All your important files are encrypted,” along with a message indicating the current cost of decryption and a bitcoin address for payment. The malware doesn’t self-reference a specific name or designation, but according to Duncan, it is very similar to CryptoLocker and “appears to be another evolution from this family of ransomware.” Over the last week, older versions of this malware have been replaced by the new variant, which uses the same hash each time but comes with a unique bitcoin address.

Breaking Bitcoins

Meanwhile, Techworld reported that Symantec came across new ransomware that borrows from popular television show “Breaking Bad” as it attempts to extort users. First noticed in Australia, this Trojan campaign uses imagery and quotes from the TV series along with CyptoLocker.S to lock down files and demand up to $800 in bitcoins. The splash screen for this demand is inspired by a fictional restaurant chain in the show, Los Pollos Hermanos, and the payment address uses a line from main character Walter White: “I am the one who knocks.”

According to Symantec, there’s nothing particularly noteworthy about the ransomware aside from its use of TV references. Users can become infected by opening booby-trapped zip files, which open a legitimate PDF when extracted to make it seem as though nothing worrisome has occurred. Then files are encrypted using a random AES key, which is in turn encrypted using a public key. What’s interesting is that the security company would likely have overlooked this variant of ransomware if it weren’t for the “Breaking Bad” theme, which garnered some attention online. Now that companies are aware of the threat, however, its reach and impact are significantly reduced.

Old Hat

Despite new skins and the focus on bitcoin over other forms of payment, these two pieces of ransomware aren’t exactly novel or innovative. In fact, most companies have become largely inured to the worry of an encrypted attack by taking the time to back up critical files either on-site or in the cloud. But the continued recycling of old CryptoLocker code speaks to the effectiveness and simplicity of this threat vector since even the occasional success is worth repeated failure. For users, the message is simple: Ransom-based malware hasn’t gone away, it’s simply out of sight. The trick to staying safe? Don’t open files from strangers, and always know who’s knocking.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today