Don't fall for new Breaking Bad-themed ‘Los Pollos Hermanos’ crypto ransomware

A new crypto ransomware threat that uses the ‘Los Pollos Hermanos’ branding image found in the show ‘Breaking Bad’ has been discovered. Currently infecting computers in Australia, the malware encrypts images, videos, documents, and more on the compromised computer and demands up to AU$1,000 (£637) to decrypt these files.

Discovered by Symantec, the malware arrives in a malicious zip archive containing a file called ‘PENALTY.VBS’ (detected as VBS.Downloader.Trojan). When the script is executed, it downloads the crypto ransomware onto the victim’s computer. The threat also downloads and opens a legitimate .pdf file so that the victim believes the original zip archive was harmless.

According to Symantec researchers, the malware encrypts files using a random Advanced Encryption Standard (AES) key. This key is then encrypted with an RSA public key so that victims can only decrypt their files by obtaining the private key from the attackers.

Sagie Dulce, security researcher at Imperva, pointed out that the techniques of this attack show how effective social engineering is in creating successful ransomware campaigns. “The hackers don’t use any exploits to infect the victim’s machine. The victim downloads a zipped archive that contains a malicious script. Once the script is run by the victim it downloads the ransomware and opens a PDF in order to trick the victim into thinking that ‘nothing bad happened’. Additionally, the hackers seem to be using an open source pen testing tool to execute their own PowerShell scripts on the compromised computer.

“This shows how compromises, similar to ones expected from sophisticated hacker groups, can be achieved by simple social engineering and a few scripts. The hackers didn’t use any exploits or spend money on advanced tools.”
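Because the infection chain described above (a zip attachment carrying a .vbs downloader, no exploit involved) is stopped most cheaply at the mail gateway, the following is an added example of attachment triage logic; it is illustrative code written for this page, not Symantec’s or Imperva’s tooling. It assumes a gateway policy (my assumption, not the article’s) of holding any zip that contains script or executable members, password-protected members that cannot be inspected, or nested archives. The sample archives are constructed in memory with placeholder contents; the member names only mirror the article.

```python
import io
import zipfile
from dataclasses import dataclass, field
from typing import List

# Member extensions a mail gateway should treat as executable content when they
# appear inside an attached archive. Windows Script Host types (.vbs etc.) come
# first because the campaign above delivered a .vbs downloader.
EXECUTABLE_EXTENSIONS = {
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
    ".ps1", ".psm1", ".bat", ".cmd", ".exe", ".scr", ".com", ".pif", ".jar",
}

# Document/image extensions often used to disguise a script ("invoice.pdf.vbs").
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


@dataclass
class ArchiveVerdict:
    block: bool
    reasons: List[str] = field(default_factory=list)


def classify_member(name: str) -> List[str]:
    """Reasons a single archive member name is suspicious (empty list if none)."""
    reasons: List[str] = []
    # Normalise path separators and look only at the file-name component.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 2:
        return reasons
    ext = "." + parts[-1]
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable member: {name}")
        if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
            reasons.append(f"double extension disguises a script: {name}")
    return reasons


def triage_zip_attachment(data: bytes) -> ArchiveVerdict:
    """Decide whether a zip attachment should be held at the mail gateway.

    Blocks on executable/script members, password-protected members (their
    content cannot be scanned) and nested archives (a common way to slip past
    a single-level scan). Data that is not a valid zip is blocked too, since a
    file claiming to be an archive but failing to parse is itself suspicious.
    """
    verdict = ArchiveVerdict(block=False)
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ArchiveVerdict(block=True, reasons=["not a valid zip archive"])
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flag = encrypted
                verdict.reasons.append(f"encrypted member cannot be scanned: {info.filename}")
            if info.filename.lower().endswith(".zip"):
                verdict.reasons.append(f"nested archive: {info.filename}")
            verdict.reasons.extend(classify_member(info.filename))
    verdict.block = bool(verdict.reasons)
    return verdict


def build_sample_zip(members: dict) -> bytes:
    """Constructed helper: build an in-memory zip from {name: content} for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: member names mirror the article, contents are
    # placeholder text, not real scripts or documents.
    lure = build_sample_zip({"PENALTY.VBS": "' placeholder text, not a script"})
    benign = build_sample_zip({"statement.pdf": "%PDF-1.4 placeholder"})
    for label, blob in (("lure", lure), ("benign", benign)):
        v = triage_zip_attachment(blob)
        print(label, "BLOCK" if v.block else "ALLOW", v.reasons)
```

The check is deliberately name-based so it runs before any content is extracted; it complements rather than replaces antivirus scanning of the members, and the extension lists should be tuned to whatever file types a given organisation legitimately exchanges inside archives.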

TK Keanini, CTO Lancope, urged users not to pay the ransom. “This will continue until folks stop paying. The exchange of money needs to stop before this activity stops. Every time someone pays the ransom, they fund this cybercrime business! Stop paying, and they will need to find another way to make their money.”

Mark James, security specialist at ESET, said that companies should be extra vigilant with email attachments and should educate employees. “Keeping your staff up to date on these new variants and ensuring they are all aware of the latest methods or techniques used to infect will help combat these bad guys. Ensuring your antivirus software, operating system and all other applications are updated regularly will also help to keep you safe.”

The post Breaking Bad-themed ‘Los Pollos Hermanos’ crypto ransomware found in the wild appeared first on IT SECURITY GURU.