According to Threatpost, victims of the new Ransomware variant called “Popcorn Time” now have an alternative to paying their attacker’s bitcoin fee in the exchange of a decryption key if the victim can infect two other victims via a refferal link and either one of those victims cave in and pay up.
According to an analysis by researcher Lawrence Abrams, Popcorn time can target up to 500 file types and if the user/victim inputs the wrong decryption key up to 4 times the malware will begin to delete files in retaliation in AES-256 encryption .filock extension.
Also of interest is that the ransomware’s developer gives their victim a little “About Us” blurb on the infection screen claiming that the group are Syrian students and using the proceeds to pay for medicine, food and shelter efforts in Syria and that they “are extremely sorry that are forcing you to pay”.
Overall, this is one of the more interesting cases of a ransomware attack. It appeals to one’s sensibility at claiming that the proceeds are in need for the good of others in a chaotic good sort of way. Simultaneously, it shares this same principle with the user as they can either pay for their problems themselves, or they too could go the “nasty way” and get their own key for free by spreading it to another. Of course, it should be noted that if one does spread the malware to another one has now committed a crime as they are actively engaged in illicit computer tampering.