May 14, 2015 By Douglas Bonderud 2 min read

Last week, two new ransomware threats surfaced. SC Magazine reported that one was found by security firm Symantec and the other by a security researcher from cloud services provider Rackspace. Both leverage the same basic idea: Encrypt user data and then demand money to unlock the files without damage. This time, however, the malware creators are hoping to grab bitcoins.

Angling for Cash

According to a post on the InfoSec Community Forums by Rackspace security expert Brad Duncan, the Angler exploit kit is now being used to circulate new variants of the TeslaCrypt and AlphaCrypt ransomware. This new malware uses instructions similar to CTB Locker and demands up to $528 in bitcoins to unlock user files. There’s not much in the way of detail after the infection happens: Users are shown a screen that says, “Hello! All your important files are encrypted,” along with a message indicating the current cost of decryption and a bitcoin address for payment. The malware doesn’t self-reference a specific name or designation, but according to Duncan, it is very similar to CryptoLocker and “appears to be another evolution from this family of ransomware.” Over the last week, older versions of this malware have been replaced by the new variant, which uses the same hash each time but comes with a unique bitcoin address.

Breaking Bitcoins

Meanwhile, Techworld reported that Symantec came across new ransomware that borrows from popular television show “Breaking Bad” as it attempts to extort users. First noticed in Australia, this Trojan campaign uses imagery and quotes from the TV series along with CyptoLocker.S to lock down files and demand up to $800 in bitcoins. The splash screen for this demand is inspired by a fictional restaurant chain in the show, Los Pollos Hermanos, and the payment address uses a line from main character Walter White: “I am the one who knocks.”

According to Symantec, there’s nothing particularly noteworthy about the ransomware aside from its use of TV references. Users can become infected by opening booby-trapped zip files, which open a legitimate PDF when extracted to make it seem as though nothing worrisome has occurred. Then files are encrypted using a random AES key, which is in turn encrypted using a public key. What’s interesting is that the security company would likely have overlooked this variant of ransomware if it weren’t for the “Breaking Bad” theme, which garnered some attention online. Now that companies are aware of the threat, however, its reach and impact are significantly reduced.

Old Hat

Despite new skins and the focus on bitcoin over other forms of payment, these two pieces of ransomware aren’t exactly novel or innovative. In fact, most companies have become largely inured to the worry of an encrypted attack by taking the time to back up critical files either on-site or in the cloud. But the continued recycling of old CryptoLocker code speaks to the effectiveness and simplicity of this threat vector since even the occasional success is worth repeated failure. For users, the message is simple: Ransom-based malware hasn’t gone away, it’s simply out of sight. The trick to staying safe? Don’t open files from strangers, and always know who’s knocking.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today