New 'nasty' ransomware encourages victims to attack other computers

tpatt100 Member Posts: 2,991
Man this is like some horror movie type malware with the "infect somebody else to get your files back"

Popcorn Time malware offers users free removal if they get two other people to install link and pay

A new ransomware variant has been discovered using an innovative system to increase infections: the software turns victims into attackers by offering a pyramid scheme-style discount.
Any user who finds themselves infected with the Popcorn Time malware (named after, but unrelated to, the BitTorrent client) is offered the ability to unlock their files for a cash payment, usually one bitcoin ($772.67/£613.20).

But they also have a second option, described by the developers as “the nasty way”: passing on a link to the malware. “If two or more people install this file and pay, we will decrypt your files for free”.


The affiliate marketing scheme was discovered by security researchers MalwareHunterTeam. For now, it’s only in development, but if the software gets a full release, its innovative distribution method could lead to it rapidly becoming one of the more widespread variants of this type of malware.


Like most ransomware, Popcorn Time encrypts the key files on the hard drive of infected users, and promises the decryption key only to those users who pay up (or infect others). But the code also indicates a second twist: the ransomware may delete the encryption key entirely if the wrong code is entered four times. The in-development software doesn’t actually contain the code to delete the files, but it contains references to where that code would be added.


Advice varies as to what users who are infected with ransomware should do. Most law enforcement organisations recommend against paying the ransoms, noting that it funds further criminal activities, and that there is no guarantee the files will be recovered anyway (some malware attempts to look like ransomware, but simply deletes the files outright).


Many security researchers recommend similarly, but some argue that it should not be on the individual victim to sacrifice their own files for the sake of fighting crime at large. Some ransomware has even been “cracked”, thanks to the coders making a variety of mistakes in how they encrypt the hard drive. Petya and Telecrypt are two types of malware that have been so defeated.

Comments

  • OctalDump Member Posts: 1,722
    It sounds like a pyramid scheme. Those don't tend to end well.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • wastedtime Member Posts: 586
    I heard about this last week. It kind of reminds me of the movie "The Box".
  • DatabaseHead Teradata Assc 16, Querying Microsoft SQL Server 2012/2014, CSM Member Posts: 2,651
    OctalDump wrote: »
    It sounds like a pyramid scheme. Those don't tend to end well.

    LMAO! Well played!
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,029
    tpatt100 wrote: »
    But they also have a second option, described by the developers as “the nasty way”: passing on a link to the malware. “If two or more people install this file and pay, we will decrypt your files for free”.

    I can't see people purposely infecting their friends and family to get a discount from their malware vendor. I guess if you're tech savvy, you could get two old computers, infect them, get the free decrypt for your important files and wipe the old computers after.

    Can't say I ever got hit with ransomware, but there's really nothing important I don't have a backup of. I don't have a full backup or image of any of my computers, but anything important has been backed up. It would be a pain in the ass, spending half a day formatting, reinstalling and updating my computer, but it's nothing I can't recover from.
    Still searching for the corner in a round room.
  • thomas_ CompTIA N+/S+/L+ CCNA R&S CCNP R&S/Enterprise/Collab Member Posts: 986
    I wonder if you could game the ransomware by encrypting two other systems that you really don't care about? Basically, just infect yourself two more times, but make it look like it infected someone else.
  • alias454 Member Posts: 648
    I also wonder what the legal ramifications are if you knowingly get other people to infect their computers.
    “I do not seek answers, but rather to understand the question.”
  • BlackBeret Member Posts: 684
    My first thought when seeing this was "Yes!". I thought I would just spin up a couple of VMs. Then I dug into it a bit more. The people you infect have to pay, not just be infected.
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,029
    BlackBeret wrote: »
    Then I dug into it a bit more. The people you infect have to pay, not just be infected.

    Damn, there's always a catch.
    Still searching for the corner in a round room.