Can’t Pay the Ransom? Free Keys if you Spread it to Someone Else

 


According to Threatpost, victims of the new ransomware variant called “Popcorn Time” now have an alternative to paying their attacker’s bitcoin fee in exchange for a decryption key: the victim can infect two other victims via a referral link, and if either one of those victims caves in and pays up, the original victim gets a key for free.

 

According to an analysis by researcher Lawrence Abrams, Popcorn Time can target up to 500 file types, encrypting them with AES-256 and giving them the .filock extension. If the victim inputs the wrong decryption key up to 4 times, the malware will begin to delete files in retaliation.

Also of interest is that the ransomware’s developers give their victims a little “About Us” blurb on the infection screen, claiming that the group are Syrian students who are using the proceeds to pay for medicine, food and shelter efforts in Syria, and that they “are extremely sorry that we are forcing you to pay”.

Fake installation screen for the program the victim thinks they’re installing

Overall, this is one of the more interesting cases of a ransomware attack. It appeals to one’s sensibilities by claiming that the proceeds are needed for the good of others, in a chaotic-good sort of way. At the same time, it extends this same principle to the victim: they can either pay for their problems themselves, or they too can go the “nasty way” and get their own key for free by spreading it to another. Of course, it should be noted that anyone who does spread the malware to another person has committed a crime, as they are actively engaged in illicit computer tampering.
