Hackers who are fans of the hit TV show Breaking Bad are using images from the series to tell victims their computers have been hacked.
Just like the Cryptolocker ransomware which became widespread during 2014, the new piece of malware – identified by researchers at Symantec as Trojan.Cryptolocker.S – is targeting users in Australia and will encrypt images, videos, documents and more on victims' computers with the criminals behind the attack demanding up to AU$1,000 (£507, $795) to decrypt these files.
The criminals behind the malware are clearly fans of Vince Gilligan's hit show, as the splash message which greets victims of the ransomware uses the logo of "Los Pollos Hermanos", the chain of fast-food fried chicken restaurants run by Gus Fring.
Additionally, the criminals use an email address in the extortion demand based on a quote by the show's protagonist Walter White, who declared "I am the one who knocks".
Once the files have been encrypted, victims are given an ultimatum: pay the ransom or see your files lost forever.
The amount victims have to pay increases the longer it take for them to pay up with payment made in bitcoin.
How to buy bitcoin
The criminals use bitcoin because it is relatively anonymous and is difficult to track, but for most victims who have never used bitcoin before it can be a confusing method of payment. Luckily for the victims, the criminals have been kind enough to include a "How to Buy Bitcoin" guide within the ransomware, giving step by step instructions on how to go about getting some of the cryptocurrency before handing it over.
The final (relatively tenuous) Breaking Bad link comes in the form of a YouTube video which is opened in the background and features a song used in a fictional radio station in the game Grand Theft Auto V, which some fans believe is a homage to Breaking Bad.
According to Symantec researchers, the criminals use social engineering rather than a flaw in the software running on a victim's computer, attaching a zip archive to phishing emails with the name of a major courier firm in its file name.
Sagie Dulce, from security company Imperva, says this Breaking Bad ransomware highlights what can be achieved without the need for huge amounts of technical expertise: "This shows how compromises, similar to ones expected from sophisticated hacker groups, can be achieved by simple social engineering and a few scripts. The hackers didn't use any exploits or spend money on advanced tools."
Mark James from ESET echoes these sentiments:
"What we see here are the typical means to distribute this type of malware – social engineering is a powerful tool when used to distribute malware and using the old favourite of missed or undelivered parcels to draw the public into running its infected attachment will continue to achieve its goal.
"As with most of these variants once your files are encrypted they can only be decrypted by using the actual private key from the attackers thus stopping the use of tools to get around paying the ransom."