The ransomware is based on open-source code called EDA2, which is commonly used to create this type of malicious software, according to a report published on the blog of anti-virus vendor Avira. The software manifests itself as an executable file that’s disguised as a PDF to make users think that it’s harmless. It’s not.
Once the user clicks on the executable, it uses RSA encryption to lock down other files and creates an RSA key that can be used to decrypt them. It also changes the affected system’s desktop wallpaper to a Mr. Robot-themed image — a hint to any fan of the TV show that bad stuff is happening.
At present, this malware is innocuous — it only encrypts a test folder on the desktop, rather than seeking out important files and holding them ransom. However, since it’s based on EDA2, there’s every possibility that it could be tweaked to do damage at some point in the future.
In Mr. Robot, the protagonist utilizes computer hacking to further his vigilante crusade against the willfully corrupt ECorp, which he refers to as “Evil Corp.” The purpose of this real-world ransomware is much more difficult to determine. It’s entirely possible that its creator set about building malware out of sheer curiosity, since it makes use of open-source code — it’s easy to imagine how a Mr. Robot fan might want to know more about how concepts in the show work in the real world. There’s also a slim possibility that the ransomware is a unique promotional tool, given that it’s currently pretty harmless.
That said, there’s still a chance that the Mr. Robot ransomware could show its teeth at a later date, so it’s still a good idea to prevent these files from taking roost on your system.
