Breaking Bad Themed Crypto Ransomware
A new Ransomware threat named Trojan.Cryptolocker.S has been discovered by Symantec. Initial reports suggest that the Ransomware only targets users in the Australian region. However, network managers in any region should watch out for signs of an infection.
The malware authors use a ‘Los Pollos Hermanos’ branded image which can be found in the Breaking Bad TV series. The malware arrives in a zip archive that contains a malicious file called ‘PENALTY.VBS’. When executed, the script downloads the Crypto Ransomware onto the victim’s computer. It also downloads and opens a legitimate .pdf file to trick users into thinking that the initial zip archive was not malicious.
Once installed, it is reported to encrypt images, videos and documents on compromised computers and then demand up to AU$1,000 to decrypt them. Once your files are encrypted, they can only be decrypted using the actual private key held by the attackers, which rules out using tools to get around paying the ransom.
Crypto Ransomware typically uses social engineering techniques as a means of infecting victims. You should continuously educate your users on the dangers of clicking on email attachments or website links.
You should also look at implementing a file activity monitoring solution on your network. Watch out for the presence of suspicious files like HOWDECRYPT.txt, or for users accessing large numbers of files on network shares.
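The two signals above, checked over a file-activity log, as an added example that is not part of the original article. The record format (`timestamp,user,action,path`), the sample rows, the 60-second window and the 20-file threshold are assumptions for illustration; only the HOWDECRYPT.txt name comes from the text.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

NOTE_NAMES = {"howdecrypt.txt"}   # ransom-note file name given in the article
WINDOW = timedelta(seconds=60)    # assumed window; tune to your own baseline
MAX_FILES = 20                    # assumed limit of distinct files per user per window

def parse(line):
    """Split one 'timestamp,user,action,path' record (assumed log format)."""
    ts, user, action, path = line.strip().split(",", 3)
    return datetime.fromisoformat(ts), user, action, path

def detect(lines):
    """Return (kind, user, detail) alerts for ransom notes and bulk file access."""
    alerts, recent, flagged = [], defaultdict(deque), set()
    for ts, user, action, path in map(parse, lines):
        name = path.rsplit("/", 1)[-1].lower()
        if action == "write" and name in NOTE_NAMES:
            alerts.append(("ransom_note", user, path))
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > WINDOW:   # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct > MAX_FILES and user not in flagged:
            flagged.add(user)                # alert once per user, not per event
            alerts.append(("bulk_access", user, f"{distinct} files in {WINDOW.seconds}s"))
    return alerts

def sample_log():
    """Constructed sample: alice works normally, bob's host rewrites a share."""
    base = datetime(2015, 5, 12, 9, 0, 0)
    rows = [f"{(base + timedelta(minutes=5 * i)).isoformat()},alice,read,//fs01/finance/report{i}.xlsx"
            for i in range(5)]
    rows += [f"{(base + timedelta(seconds=i)).isoformat()},bob,write,//fs01/shared/photo{i}.jpg"
             for i in range(30)]
    rows.append(f"{(base + timedelta(seconds=31)).isoformat()},bob,write,//fs01/shared/HOWDECRYPT.txt")
    return sorted(rows)   # fixed-width ISO timestamps sort chronologically

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The bulk-access alert fires before the ransom note is written, which is why the volume check is worth having alongside the file-name check.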
Recently we hosted a Webinar which looked at ways you can track down the source of Ransomware on your network. You can view a recording of this Webinar at the link below.
You can contact our support team at any time if you need any help with clearing up a Crypto Ransomware problem. Alternatively, you can also download a trial version of LANGuardian which can show you what systems are infected with malware on your network.