There have been so many ransomware reports in 2016 that we have lost count. Most of them follow a typical approach:
- Infect a victim’s computer through email spam, false redirects or by hiding behind some software installer.
- Encrypt system files.
- Demand a ransom in exchange for a decryption key.
The most recent encounter, however, is one of a kind. The Popcorn Time ransomware asks its victims to spread the malware. “How does it exactly do that?” you may think.
How does the Popcorn Time ransomware spread itself?
First, we would like to clarify that this ransomware has nothing to do with the popular online streaming app. However, the ransomware does capitalize on the app's name. It is speculated that the creators of the ransomware had planned all along to exploit Popcorn Time’s popularity for their own dishonest ends.
The Popcorn Time ransomware was first discovered by security experts at MalwareHunterTeam. The researchers claim that its decryption method is a particularly unusual one. Victims are offered two ways to get a decryption key: pay a ransom in Bitcoin, or take the free option and infect a couple of other users. So in short, give one bitcoin (equal to $780) or take a more sinister road.
When a user agrees to either of those conditions, they are given a key. The key is entered in a blue screen that pops up after the ransomware has infected a computer. There is another twist to this. You get only four attempts to enter a key. If you fail, there won’t be a fifth time and all of the encrypted files on your computer will go away for good.
Victims have a relatively short span of time to take action. The window to earn a decryption key lasts only a week.
Who created it?
Another interesting piece of information that MalwareHunterTeam provided is that the group of cybercriminals are science students from Syria, a war-torn country where countless deaths have occurred over the past five years. The hackers display a note that reads:
“We are extremely sorry that we [sic] forcing you to pay, but that’s the only way we can keep living”
Researchers were also able to determine that the ransomware is still under development, so it is highly unlikely to spread widely in the near future.