Slashdot Mirror


'Breaking Bad' Crypto Ransomware Targets Australian Users

An anonymous reader writes: A new strain of the Trojan.Cryptolocker.S targeting Australia is using the branding of popular TV crime drama 'Breaking Bad' to theme its extortion demands. After encrypting all the files on the victim's computer, the ransomware presents a message that uses a logo and character quotes from the show, in addition to a YouTube video from the game Grand Theft Auto V, thought to be a tribute to Breaking Bad.

38 comments

  1. oblig by Anonymous Coward · · Score: 0

    pw is saulgoodman

  2. Source article = useless by Anonymous Coward · · Score: 0

    No Command and Control servers are listed for blocking this threat. An article of that ilk is utterly useless for defending one's self or company vs. this threat.

  3. A new strain by Psychotria · · Score: 3, Funny

    The way these viruses are mutating, sharing RNA (code), and recombining to form new strains is ridiculous. My main concern is that my computer is in close contact with Windows, OSX and also Linux. Even if I was just dual booting Windows and Linux it would be bad enough. Dual booting with the obvious genetic soup it forms between the two different operating systems is a recipe for disaster. Such close contact between operating systems and a virus that mutates to form new strains, frankly, makes me quite uneasy. Because the operating systems run on the same underlying hardware, sharing the same genetics (opcodes) means that the likelihood of the virus crossing species (OS's) is pretty damn likely. We could seriously have an uncontrollable pandemic on our hands within weeks unless the governments of the world (and their health organisations) proactively get together and tighten air traffic so that laptops and other computers come into contact. Without cooperation I fear that we face a pandemic that will make SARS look like a baby chicken (after it comes out of the egg all nice and fluffy).

    1. Re:A new strain by Anonymous Coward · · Score: 0

      Computer viruses don't breed like their bio counterparts. They're hand written by humans.

    2. Re:A new strain by Anonymous Coward · · Score: 0

      But the hands breed. Just think of how many times your hands have been in a compromising position.

  4. these viruses are the end of computing by slashmydots · · Score: 4, Insightful

    In a year, 99% of viruses are going to be crypto ransomware. It's a million times more effective than stealing bank account info or health records or credit card numbers or any of that junk that's basically valueless in 2015. If my CC gets stolen, you'd be lucky to use it in another state let alone another country. If you steal my bank account login, you better know all my security questions too once the bank sees an unfamiliar IP address and I'll get a phone call to verify a large EFT. But encrypt someone's files and they're likely to pay the ransom. I think the original ransomware virus got like $50 million+. The people behind these viruses will never be caught so until every government makes it illegal to pay these fines, people will keep doing it.

    1. Re:these viruses are the end of computing by njnnja · · Score: 3, Informative

      It may be the end of local storage, but what does the average person need to have locally stored anyways? Purchased content can be more efficiently stored by the seller and streamed on demand. And for "irreplaceable" content like photos, I trust cloud providers to deal with grandma's pictures better than she ever could.

      In the past, pipe size was the constraint that would lead people to store things locally but why shouldn't the average user leave all those headaches to someone else nowadays? More sophisticated users will continue to store things locally, but will also be better about off site backups and therefore less susceptible to this kind of ransomware anyways.

    2. Re:these viruses are the end of computing by Anonymous Coward · · Score: 0

      This is why we should all support the republican crusade to outlaw encryption technology!

    3. Re:these viruses are the end of computing by Cro+Magnon · · Score: 1

      This is why we should all support the republican crusade to outlaw encryption technology!

      The saying "If you outlaw encryption, only outlaws will have encryption" couldn't possibly be more appropriate.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    4. Re:these viruses are the end of computing by Anonymous Coward · · Score: 0

      In a year, 99% of viruses are going to be crypto ransomware.

      A year from now, when this isn't the case, I wonder what your excuse will be.

    5. Re:these viruses are the end of computing by o_ferguson · · Score: 3, Informative

      Great, except most clouds store a mirrored copy of your local files, so when the crypto encodes them, your cloud will update and overwrite with the new, locked files.

      --
      - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
    6. Re:these viruses are the end of computing by Anonymous Coward · · Score: 0

      In the present, pipe size (and especially monthly caps) are still the constraint that would lead people to store things locally. Fast, unlimited cap data connections are available to about 0.0001% of the world's population.

    7. Re:these viruses are the end of computing by Chewbacon · · Score: 2

      These ransomware viruses are getting more sophisticated. You can only combat that with a multifaceted strategy. I back up entire images to my media server. I also back up the irreplaceable stuff to a separate folder which my media server backs up to Amazon S3 via S3FS (shell scripts!). Finally, I have an external drive which I plug in and back up to once a week. It's cold storage which the ransomware can't get to unless I fail to realize I've been compromised when I plug it in.

      --
      Chewbacon
      The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
  5. What does "breaking bad" mean? by Anonymous Coward · · Score: 0

    What does the term "breaking bad" mean?

    1. Re:What does "breaking bad" mean? by narcc · · Score: 1

      It means to speak or act without restraint: "Man, I really broke bad last night ... woke up in jail"

    2. Re:What does "breaking bad" mean? by neminem · · Score: 2

      Stupidly easy google search, "break bad" (because obviously "breaking bad" will just get you hits for the show): http://en.wiktionary.org/wiki/...

      I didn't know that either - I always assumed it was a made-up phrase for the show that just sounded cool, but apparently it's a midwestern phrase meaning, appropriately, "to turn to a life of crime". Of course, now if you say someone's breaking bad, anyone, or at least anyone outside that geographic region, will just assume it means they're cooking meth. I've heard it used that way colloquially a few times already.

  6. Expensive by Anonymous Coward · · Score: 0

    See, entertainment is getting really expensive in Australia.

  7. "SAY MY NAME!!!" by kimgkimg · · Score: 0

    I'll bet "heisenberg" is the unlocking password.

    1. Re:"SAY MY NAME!!!" by hcs_$reboot · · Score: 1

      Well, considering how the show ends, I guess the password would be his son's name...

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:"SAY MY NAME!!!" by qIroS · · Score: 1

      I'm not so certain

    3. Re:"SAY MY NAME!!!" by Anonymous Coward · · Score: 0

      Unlikely since the minimum private keysize for AES is 128-bit (16 characters)

    4. Re:"SAY MY NAME!!!" by Anonymous Coward · · Score: 0

      Well it both is and isn't until you enter it in; then the wave function collapses into a single state.

  8. What OS? by hcs_$reboot · · Score: 1

    What OSes are affected? And why isn't it part of TF[AS]?

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:What OS? by Anonymous Coward · · Score: 0

      Pretty much all distributions based on Linux that aren't running systemd. Ubuntu 14.x and earlier, RHEL before 7.0, etc.

      Systemd's use of cgroups isolates the particular process that this ransomware uses, in case you're wondering, so distros running systemd aren't affected at all.

    2. Re:What OS? by Anonymous Coward · · Score: 0

      From TFA:

      The worm exploits a combination of bugs in Apache and some common freedesktop.org components. Ironically, one of the most controversial additions to Linux based systems may be its saviour: a start up system called "systemd" has new features that isolate Apache from the rest of the system, making more recent Linux operating systems - that use systemd - invulnerable from this kind of attack.

      So essentially it's any Linux that runs GNOME or KDE, and doesn't run systemd.

    3. Re:What OS? by Anonymous Coward · · Score: 0

      TFA says a desktop (KDE or GNOME) Linux distro also running Apache, but that if you have systemd running that protects you from it.

    4. Re:What OS? by Anonymous Coward · · Score: 0

      Symantec says, "You will need to enable Javascript in your browser to access this site." No, I don't need to do any such thing.

      The second article mentions Penalty.vbs, so I'm thinking this is a Windows issue.

    5. Re: What OS? by Anonymous Coward · · Score: 0

      Source?

      I see no mention of linux anywhere.

    6. Re:What OS? by Anonymous Coward · · Score: 0

      No, combination of modvb (Apache) and the mono runtime.

    7. Re:What OS? by canajin56 · · Score: 1

      From the TFA (or rather from the link at the top of TFA): Systems Affected: Windows 2000, Windows 7, Windows NT, Windows Vista, Windows XP.

      --
      ASCII stupid question, get a stupid ANSI
    8. Re:What OS? by hcs_$reboot · · Score: 1

      BS

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  9. accidental download? by Anonymous Coward · · Score: 0

    I'm not trying to blame the victim, I'm trying to understand how people still download attachments without using anti-virus software? Who double-clicks a VBS file that is in a zip file? Shouldn't the email provider (Gmail, Yahoo, etc.) scan attachments that have executable code? Is the trojan installed via a drive-by web browsing session? Do people install No-script in Firefox? Do people use a free desktop virtualization software to open unknown attachments? Use Linux, Mac OS X or a cheap Windows computer to browse the web or email instead of their "main" computer? Use cheap tablet that has Wifi to read emails?

    Just asking.
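
Added example (not part of any comment or of the linked articles): a mail-gateway style triage of a zip attachment that flags members Windows would run on double-click, and shows the name a user sees when Explorer hides known extensions. The extension lists, function names and sample archive are assumptions constructed for illustration; `Penalty.vbs` is used only as a member name with harmless placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute or hand to a script host on double-click.
# Illustrative, not exhaustive (assumption of this example).
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
         ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk", ".ps1"}
# Extensions users tend to read as "just a document".
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that would run code if opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Windows ignores trailing dots and spaces when resolving the type.
            name = name.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in RISKY:
                continue
            findings.append({
                "member": info.filename,
                # With "hide known extensions" on, the last suffix is not shown.
                "shown_as": name[: -len(suffixes[-1])],
                # e.g. invoice.pdf.js is displayed as invoice.pdf
                "masquerade": len(suffixes) > 1 and suffixes[-2] in DECOYS,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive; member contents are harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Penalty.vbs", "' constructed placeholder")
        zf.writestr("docs/invoice.pdf.js", "// constructed placeholder")
        zf.writestr("readme.txt", "plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A gateway would quarantine any attachment with a non-empty result; the `masquerade` flag marks the double-extension case that hidden extensions make invisible to the recipient.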

    1. Re:accidental download? by Teun · · Score: 1

      After we had an incident with ransomware and had to quarantine a particular office I asked our IT chief why he didn't use policies to uncheck that stupid Microsoft setting 'hide known extensions'.
      After a couple of days he answered that showing extensions would only confuse people.
      Scary.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  10. Ransomware targets Australian users? by nickweller · · Score: 1

    I thought malware could only target a specific Operating System, in this case Microsoft Windows XP/Windows NT/Vista/ Windows 2000/Windows 7 ..

    1. Re:Ransomware targets Australian users? by Teun · · Score: 1

      Indeed, as usual the press thinks everyone in *.* runs Windows.
      And next they update the virus definitions on their iShiny.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  11. lmfao by Anonymous Coward · · Score: 0

    end of local storage?

    you dumb niggers amuse me

    1. Re:lmfao by Anonymous Coward · · Score: 0

      Your sister called. She's off her rags and looks forward to being anally fisted by your 6 fingered hand while she plays the banjo and spits chewin tobaccy juice out between her 2 remaining teeth.

  12. Ignore this by Anonymous Coward · · Score: 0

    I am the one who tests.