Last week, two new ransomware threats surfaced. SC Magazine reported that one was found by security firm Symantec and the other by a security researcher from cloud services provider Rackspace. Both leverage the same basic idea: Encrypt user data and then demand money to unlock the files without damage. This time, however, the malware creators are hoping to grab bitcoins.

Angling for Cash

According to a post on the InfoSec Community Forums by Rackspace security expert Brad Duncan, the Angler exploit kit is now being used to circulate new variants of the TeslaCrypt and AlphaCrypt ransomware. This new malware uses instructions similar to CTB Locker and demands up to $528 in bitcoins to unlock user files. There’s not much in the way of detail after the infection happens: Users are shown a screen that says, “Hello! All your important files are encrypted,” along with a message indicating the current cost of decryption and a bitcoin address for payment. The malware doesn’t self-reference a specific name or designation, but according to Duncan, it is very similar to CryptoLocker and “appears to be another evolution from this family of ransomware.” Over the last week, older versions of this malware have been replaced by the new variant, which uses the same hash each time but comes with a unique bitcoin address.

Breaking Bitcoins

Meanwhile, Techworld reported that Symantec came across new ransomware that borrows from the popular television show “Breaking Bad” as it attempts to extort users. First noticed in Australia, this Trojan campaign uses imagery and quotes from the TV series along with CryptoLocker.S to lock down files and demand up to $800 in bitcoins. The splash screen for this demand is inspired by a fictional restaurant chain in the show, Los Pollos Hermanos, and the payment address uses a line from main character Walter White: “I am the one who knocks.”

According to Symantec, there’s nothing particularly noteworthy about the ransomware aside from its use of TV references. Users can become infected by opening booby-trapped zip files, which open a legitimate PDF when extracted to make it seem as though nothing worrisome has occurred. Then files are encrypted using a random AES key, which is in turn encrypted using a public key. What’s interesting is that the security company would likely have overlooked this variant of ransomware if it weren’t for the “Breaking Bad” theme, which garnered some attention online. Now that companies are aware of the threat, however, its reach and impact are significantly reduced.

Old Hat

Despite new skins and the focus on bitcoin over other forms of payment, these two pieces of ransomware aren’t exactly novel or innovative. In fact, most companies have become largely inured to the worry of an encryption attack by taking the time to back up critical files either on-site or in the cloud. But the continued recycling of old CryptoLocker code speaks to the effectiveness and simplicity of this threat vector, since even the occasional success is worth repeated failure. For users, the message is simple: Ransom-based malware hasn’t gone away; it’s simply out of sight. The trick to staying safe? Don’t open files from strangers, and always know who’s knocking.
