New Ransomware Offers to Restore Your Files for Free — If You Infect Two Friends

The days of random mischief on the internet are not over, but the most skilled hackers have moved on to more lucrative ventures. Stealing personal data and banking details has been a moneymaker for years, but more recently the threat of ransomware has appeared. These pieces of malware encrypt your files and won’t unlock them unless you pay, but the new “Popcorn Time” ransomware offers an alternative: Just infect some friends and you get your files back free.

This malicious piece of software is currently set up to find all files on the desktop and the Windows My Documents folder, then encrypt them with AES-256. Like all ransomware, Popcorn Time (not related to the BitTorrent-based streaming client) demands payment in Bitcoin in order to provide the encryption key to unlock your personal files. In this case, the price tag is one Bitcoin. That works out to $780 right now. The payment screen includes instructions on how to get Bitcoin and where to send it. There are various warnings about losing access to your files, and even a function that can delete your files completely if you enter the wrong decryption key four times.

If you’re short on cash and don’t mind being a jerk, the HTML payment screen gives you another option. There’s a link containing a unique ID that will download the malware when clicked (it resolves to a hidden Tor server). If you can get two other people to install that file, thus encrypting their files, and pay the ransom, you get your files decrypted for free.

The ID in the URL acts like a referral code you’d see in an Amazon link. The malware authors are essentially trying to recruit their victims to double the amount they make from a single infection. But what happens if one of those people infects two others? Do you get credit for that too, like some sort of extra-awful pyramid scheme? Now that’s innovation in terribleness.

The truly weird thing about ransomware is that the people behind the attack usually live up to their end of the bargain. If you pay the ransom, you get the decryption key and can restore your files. If not, the key is deleted and your data is gone forever. There have been cases where the key was not provided or the ransomware just demanded more money, but your only options are usually to pay or give up.

Security firms have been working to find the decryption keys to prominent ransomware infections, offering victims a free way to unlock their files. However, that’s of little help when new variants like Popcorn Time pop up. Your best bet is just to be careful what you install, and don’t open random Onion links sent to you by “friends.”


Source: Extreme Tech
