Popcorn Time ransomware invites you to get 'nasty' to recover your files

Are you so desperate to recover from a ransomware attack that you would infect other computer users?


Want to fix your ransomware-hit computer but don't want to pay up for the decryption key?

Well, as Bleeping Computer describes, the Popcorn Time ransomware has an answer for you. If you want your files back but won't or can't pay the ransom, the ransomware's operators will give you free decryption keys if you infect your friends via referral links.

Dirty tricks

Yep, the bad guys behind Popcorn Time say that if you manage to infect two other people with their malware and if they then pay the ransom, then you'll be able to get your decryption key.

Oh, and congratulations by the way. As well as becoming an affiliate of a ransomware gang, you've just committed a criminal act.

I hope no-one would be so dumb as to risk earning a criminal record (and potentially a prison sentence) by infecting someone else's computer with ransomware, but then we all know far too well that people are prepared to do terrible things via the internet that they would never consider doing to someone face-to-face.

Oh, and by the way, how do you know the ransomware's authors will honour their offer and send you the decryption key for infecting more users? After all, they've already proven themselves to be scumbags by spreading Popcorn Time in the first place. They're hardly the most trustworthy people on the planet.

Don't become a ransomware affiliate. Protect your computer with a layered defence, and get a proper backup regime up and running, for goodness' sake.



8 Responses

  1. Rajiv

    December 13, 2016 at 6:52 am #

    Always enjoy reading your write ups. Thanks!

  2. Tony

    December 13, 2016 at 9:51 am #

    I'd suggest that you spin up a couple of VMs, infect them yourself, and bag a free decryption key at no one else's expense. Bosh.

    • Graham Cluley in reply to Tony.

      December 13, 2016 at 10:39 am #

      Infecting others isn't enough to earn you the decryption key. The new victims also have to pay up.

      And, as Kevin says, a lot of malware refuses to run in VM environments anyway in an attempt to avoid analysis.

      • Bob in reply to Graham Cluley.

        December 13, 2016 at 12:57 pm #

        Exactly so, Graham.

        It is sometimes possible to trick the malware into thinking that it's running in a real environment but that's something that's best left to the experienced investigators.

        Malware like this is another justification for running a compartmentalised OS. Take a look at Qubes* if you've not heard of it. It's probably well outside the scope of this blog but essentially you have a different 'virtual' desktop for each task: each of which is isolated and sandboxed from each other.

        For example:

        Desktop 1 – Banking
        Desktop 2 – Social Media
        Desktop 3 – Email
        Desktop 4 – Games
        Desktop 5 – Everyday Internet
        Desktop 6 – Risky Internet (e.g. Torrents)
        Desktop 7 – Offline Use (e.g. Word Processing) (No access to network adaptor)

        It's not for everybody, and that's just a basic explanation of how it works; however, it exponentially increases your security and makes it almost impossible for malware to get a hold (you can always just delete the instance (infected desktop) if this happens).

        * https://www.qubes-os.org/

      • Tony in reply to Graham Cluley.

        December 13, 2016 at 5:09 pm #

        Oh, my bad, I'll get the hang of this reading skill soon.

  3. Kevin

    December 13, 2016 at 10:09 am #

    I thought the same thing, Tony, but lots of these horrendous programs don't execute in a VM environment, they know there is a chance it is being analysed… so just dig out two crappy old laptops/Raspberry Pis/whatever and infect those? :)

  4. Nick

    December 13, 2016 at 11:04 am #

    This is a different Popcorn Time to the one most people are familiar with. To avoid confusion, it would be worth including in your article this statement from the Bleeping Computer article you refer to:
    "It should be noted, that this ransomware is not related to the Popcorn Time application that downloads and streams copyrighted movies."

  5. Topiux

    December 16, 2016 at 2:56 am #

    ElevenPaths discovers the Popcorn ransomware passwords: no need to infect other people to decrypt for free http://blog.elevenpaths.com/2016/12/elevenpaths-discovers-popcorn.html
