Skip to main content

Ransomware Popcorn Time removes itself once you infect your friends with it

Like a digital version of The Ring, a nefarious piece of ransomware malware is offering those affected the chance to avoid having to pay to decrypt their files. The only catch is they have to infect two other people to get them back.

Ransomware has been a growing problem in recent years, becoming one of the most common forms of malware attack in 2016. It’s proved effective and lucrative for criminals, which is why we have seen so many different forms of it. The idea of using infected users to spread it further, however, is rare, though we did see one form with its own affiliate network at the close of 2015.

This latest iteration though is a little more immediate. Known as Popcorn Time (not to be confused with the video streaming software of the same name), the ransomware locks an infected user’s files with a strong AES-256 encryption, making them nigh on impossible to recover without the decryption key, according to Bleeping. As with typical ransomware infections, you can (purportedly) recover those files if you pay up. The current price is one bitcoin or just under $780 at the time of writing.

However, much less common is the linking system. Offered to those affected as the “nasty way,” to get the files back, the malware claims that if you send a link to the ransomware to two unsuspecting people and they become infected with it and ultimately pay to decrypt their files, you will get a free key to do the same.

Full ransom notes, and the message after you paid.
"The money you gave will be used for food, medicine and shelter to those in need."

— MalwareHunterTeam (@malwrhunterteam) December 7, 2016

To try and sweeten a pretty foul tasting deal, the malware makers also look to appeal to people’s better sides. Within the malware documentation is another line about “why [they] do it.” It states that the malware makers are Syrian and that the money being sent as a digital ransom will be used to pay for food, medicine and shelter.

While we cannot confirm such claims, the language used does suggest that the malware makers are not native English speakers. If it’s a falsehood, this would not be the first time malware makers have attempted to appeal to people’s better nature, either.

It’s worth pointing out, beyond the moral implications of sending ransomware to other potential victims, willfully distributing malware is illegal and in breach of the Computer Fraud and Abuse Act of 1986.

Editors' Recommendations