Popcorn Time ransomware invites you to get ‘nasty’ to recover your files

Graham Cluley

Want to fix your ransomware-hit computer but don’t want to pay up for the decryption key?

Well, as Bleeping Computer describes, the Popcorn Time ransomware has an answer for you. If you want your files back but won’t or can’t pay the ransom, the ransomware’s operators will give you free decryption keys if you infect your friends via referral links.

Dirty tricks

Yep, the bad guys behind Popcorn Time say that if you manage to infect two other people with their malware and if they then pay the ransom, then you’ll be able to get your decryption key.

Oh, and congratulations by the way. As well as becoming an affiliate of a ransomware gang, you’ve just committed a criminal act.

I hope no-one would be so dumb as to risk earning a criminal record (and potentially a prison sentence) by infecting someone else’s computer with ransomware, but then we all know far too well that people are prepared to do terrible things via the internet that they would never consider doing to someone face-to-face.

Oh, and by the way, how do you know the ransomware’s authors will honour their offer and send you the decryption key for infecting more users? After all, they’ve already proven themselves to be scumbags by spreading Popcorn Time in the first place. They’re hardly the most trustworthy people on the planet.

Don’t become a ransomware affiliate. Protect your computer with a layered defence, and get a proper backup regime up and running, for goodness’ sake.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

8 Replies to “Popcorn Time ransomware invites you to get ‘nasty’ to recover your files”

  1. I'd suggest that you spin up a couple of VMs, infect them yourself, and bag a free decryption key at no one else's expense. Bosh.

    1. Infecting others isn't enough to earn you the decryption key. The new victims also have to pay up.

      And, as Kevin says, a lot of malware refuses to run in VM environments anyway in an attempt to avoid analysis.

      1. Exactly so, Graham.

        It is sometimes possible to trick the malware into thinking that it's running in a real environment but that's something that's best left to the experienced investigators.

        Malware like this is another justification for running a compartmentalised OS. Take a look at Qubes* if you've not heard of it. It's probably well outside the scope of this blog but essentially you have a different 'virtual' desktop for each task: each of which is isolated and sandboxed from each other.

        For example:

        Desktop 1 – Banking
        Desktop 2 – Social Media
        Desktop 3 – Email
        Desktop 4 – Games
        Desktop 5 – Everyday Internet
        Desktop 6 – Risky Internet (e.g. Torrents)
        Desktop 7 – Offline Use (e.g. Word Processing) (No access to network adaptor)

        It's not for everybody, and that's just a basic explanation of how it works; however, it exponentially increases your security and makes it almost impossible for malware to get a hold (you can always just delete the instance (infected desktop) if this happens).

        * https://www.qubes-os.org/

  2. I thought the same thing, Tony, but lots of these horrendous programs don't execute in a VM environment, they know there is a chance it is being analysed… so just dig out two crappy old laptops/Raspberry Pis/whatever and infect those? :)

  3. This is a different Popcorn Time to the one most people are familiar with. To avoid confusion, it would be worth including in your article this statement from the Bleeping Computer article you refer to:
    "It should be noted, that this ransomware is not related to the Popcorn Time application that downloads and streams copyrighted movies."

  4. ElevenPaths discovers the Popcorn ransomware passwords: no need to infect other people to decrypt for free http://blog.elevenpaths.com/2016/12/elevenpaths-discovers-popcorn.html
