Breaking Bad ransomware

Los Pollos HermanosSometimes malware authors leave clues in their code which might reveal something about themselves.

In the past, I've seen malware which has provided pointers as to the creator's language of choice, preferred programming language, or country of origin.

In the most extreme examples there has even been malware which has included the author's real name, phone number and address.

I don't think I'll ever forget Filipino macro virus writer Michael Buen, a contemporary of Love Bug author Onel de Guzman, who was dumb enough to use victim's computers to print out his entire CV and contact details as he was looking for a job...

But normally, if any clues are left at all in an increasingly professional world of cybercrime, they can't narrow down the list of suspects that tightly.

Take, for instance, the case of the ransomware affecting Australian computer users right now: Trojan.Cryptolocker.S.

According to Symantec researchers, the malware uses images grabbed from the popular TV show about an everyday Chemistry teacher turned Crystal Meth drugpin badass "Breaking Bad".

Specifically, ransom demands popped up by the malware use the logo of "Los Pollos Hermanos", the chain of fast-food fried chicken restaurants run by (spoilers!) the rather terrifying Gus Fring.

Ransomware message

Furthermore, the criminals behind the ransomware attack are using an anonymous email account named after a quote from Walter White, the lead character played in the show by Bryan Cranston.

Ransomware message

Seems to me that the one thing we can be pretty sure about is that whoever wrote this latest ransomware is a fan of Walter White.

You can learn more about this particular malware by reading Symantec's blog post.

Stay safe folks.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

2 Responses

  1. Reality bites

    May 11, 2015 at 12:54 pm #

    What a pity the NSA is run by such incompetent drooling cretins. Since they hoover every bit of data from the entire world it is a foregone conclusion that they have all the necessary information to know without even the tiniest doubt who is responsible. But give a monkey an encyclopedia and all they will do is pee on it, likewise the rogue NSA, they have everything yet do nothing expect pee on it.

    All the people affected by the virus should sue the government, since it is only incompetence on the feral governments part that the virus writers aren't already behind bars. Same goes for any victim of any crime, since the government knows and they do nothing they are responsible.

    • Coyote in reply to Reality bites.

      May 13, 2015 at 12:18 am #

      While I know what you mean (as below), I have to think that in this case it is beyond their jurisdiction (at least without additional steps taken). While it isn't 100% certain (it could be misdirection) the fact they want AUD implies not US. Unless bitcoins allow – which it seems they use – for (and I really don't know nor do I care enough to check) currency exchange for free (which admittedly I could see being the case) then they would have to pay to get it to the proper currency. I.e. while I wouldn't claim for a fact that it is Australian, it very well could be.

      As for the NSA. Well yes, it is true. The US isn't the only country involved, though, and I'm afraid it is an international thing. Each and every country complaining (actually whining) about the attacks should look at themselves instead of whining (whining because they're just as guilty; they're participating and as such it isn't mere self defence – it is outright assault). The US is no exception. But they won't. They never will. History shows this to those few willing to learn from history. Governments don't tend to, though, because those in power rarely care about the implications (unless it affects their ability to get what they want) as long they get their way. Exceptions? Perhaps but not enough to make much of a difference. Even those who do consider it, will not have enough support in the government to change matters (or any or all of those involved don't go far enough). Of course they'll claim to recognise these things, that they've changed but I'm afraid half changes isn't enough – if you fix half a problem then the problem is still there; it isn't fixed.

      Oh, and on the subject of suing. I somehow suspect it is easier said than done. It is an unfortunate thing but abuses by governments are hard to change or protect yourself from because they are the ones creating the laws. If they can create the laws they can protect themselves in whatever ways they feel necessary. Far as I know, there are (were ?) laws that protect(ed) the US government from the herbicide use ('abuse') in Vietnam. I seem to recall this also applies to the many twisted, evil CIA experiments of decades ago. See also Project Paperclip (and unfortunately that's not the experiments I refer to). It is a very strange, messed up world we live in but yet I don't think it was ever any different (in that humans are humans); it is just easier to communicate over distance and there is the technology advances (some of which are devastating). Different priorities also comes to mind as relevant. This goes back to they don't care about implications as long as they get their way in the end.

      The fact it is cyberattacks now is both worse and better: worse because of the global reach; better in that at least it isn't nuclear warfare (I daresay, it isn't 'yet'). Also, it is true that at least it isn't invasion of many countries. Although some unnamed countries (like the country that the NSA belongs to) have a terrible record in this regard, it could be worse – it could be the cyber invasions are also declaring war by way of invasion (in addition to the other invaded countries, of course). Worse also because it affects everyone, including the safety (and stability) of others who aren't involved in the wars (e.g. this ransomware or memory scrapers stealing credit card information, etc.); citizens and bystanders, people who are affected in many ways as a direct result of government actions, including those who are against the actions (but all of that applies for war in the 'real world' too). Then there is the black market… of course governments don't have problems creating black markets, they have a problem when others (other countries or citizens) use the black market, but they have no problem using them themselves. What to say? Black could be any number of things – bad, undesirable, illegal, shunned, evil… Choose your poison – it doesn't matter to them anyway; after all, they make the laws.

Leave a Reply