New Ransomware Offers The Decryption Keys If You Infect Your Friends (bleepingcomputer.com)
MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes:
"With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their decryption key (potentially).
While encrypting your files, Popcorn Time displays a fake system screen that says "Downloading and installing. Please wait" -- followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." So what would you do if this ransomware infected your files?
Your "friends" don't have to be human. Get two blank hard drives, or even VMs on your favorite cloud server, and make those your "friends". They will be locked forever, but you can just wipe them and not lose any data.
Still a nasty trick though.
In the unlikely event this actually would happen, then I would restore.
My backups are secure. So I would restore from a backup. That wasn't too hard was it?
Wipe and restore from backup. Next!
Who is going to save me from this dangerous hack?
What? Windows only?
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Popcorn_Time" [path_to]\popcorn_time.exe
Oh?
Haven't used Windows in years. Never mind, carry on...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
aiding and abetting cyber-terrorists to decrypt your porn stash... gonna have a bad time :P
... but genius at the same time.
"all the money that we get goes to food, medicine, shelter to our people"
Bombs, guns, and support of terrorism in the West more like
A starving man steals bread, not money. Let the thieves starve. They'll just give it to ISIS anyway.
Sounds like a plot for the series...
So say we all
The best way I've found to avoid malware is to avoid people who have malware. No friends for me. I'm malware free.
I will format the harddrive,
re-install the OS do my best to ensure that everything is OK,
Install the crashplan agent,
take the USB drive from the closet and restore my data from that,
restore the data that I created after last USB backup from Crashplan.
Infect the world and everybody gets a free encryption key.
Why am I not surprised?
> So what would you do if this ransomware infected your files?
As far as I'm concerned, this is no different than if the media where the files are stored had caught fire or was exposed to some other destructive calamity.
For all intents and purposes your files are gone, act accordingly.
There are a lot of people who back up to a network share, and others who keep only one copy of backups. Most ransomware will encrypt network shares as well. People who have only one copy are hoping nothing goes wrong at night; in the morning they'll have two copies of garbage.
I created a backup / warm spare system based on read-only rsync pull to a remote server that keeps several de-duplicated copies, and makes each backup bootable as a VM. I called it Clonebox.
If you have another PC laying around, back it up, infect it. reinstall, infect it. and then get the free key. lol. I wonder how they determine that you have infected two other people.
But of course the real answer is to hunt down the bastards and slit their throats.
1) my boss
2) my mother-in-law
I see this as win-win-win situation.
The claim by the perpetrators is sure to touch them. You just need two to take the bait and you might be off the hook. If the perps don't honor the deal, it's still funny.
Oh yeah, you're so poor that to make ends meet you use expensive computer equipment to develop Ransomware to then infect people in the hope they cough up some dosh. WHY don't you just sell your IT equipment instead?
So, everyone should just make sure %AppData%\been_here and %AppData%\server_step_one exist? :)
Probably restore from last full backup. You do have backups, right?
-- Gaxx
"a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living."
This is a brilliant twist on malware. These are not people from Syria but rather a story concocted to try and have you help them. It's basically an alternate version of the "Nigerian Prince" that needs money to bribe his captors to release him. Logically, a person in a warzone cannot exchange bitcoin for money or goods which makes the whole thing implausible from the start. I would bet that when they tear the binary apart, they'll find that it's been compiled for the Russian locale.
So what would you do if this ransomware infected your files?
A) wipe your system
B) load Linux instead of Windows
C) restore files from backups
Anons need not reply. Questions end with a question mark.
Do they mean "friends" or people I have in my address book? There's a difference; a very distinct one.
"We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." - I did interrogate a murderer once who used this excuse for killing his victims after a robbery. I'm sure that made everyone feel just as warm and fuzzy as it did for that sociopath...
2) Infect VMs 3)??? 4) Cha ching?
I think some of the political parties could use some help with encryption.
Perhaps I can catch me some trolls. All I have to do is snooker them into going to the link and installing the ransomware on their machine. I'll just call it "a personal message from Putin on how you can help make Russia Great Again."
So this is how United States is going to take all Middle East money? With a prank?
You care about the files on the net?
Seriously... it's like Amway. Or maybe it's the Herbalife virus.
Why isn't it mentioned anywhere the ransomware works on Windows and only on Windows? Is it to avoid another Windows-bashing? Or is it that obvious?
Slashdot, fix the reply notifications... You won't get away with it...
FOAD to the dirty crooks, break out the live USB Linux distro of gparted, wipe the drive with --sgdisk-zap-all /dev/sda then put in a new filesystem, reinstall my favorite flavor of Linux, and be glad I keep all my personal stuff on another USB thumbdrive
Politics is Treachery, Religion is Brainwashing
Based on the title I think we know exactly who is behind this Malware don't have to look farther than MPAA for the funding of this program.
Ask my government to nuke all Muslims.
But now I'm Swede so I'm not allowed to and we don't have any nukes anyway :D
If I ever met them, I WOULD KICK THEIR ASS. Lameness filter encountered. Post aborted! Filter error: Don't use so many caps. It's like YELLING.
Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.
Hey guys, any of you want to try out this fantastic new software I've just got, let me give you a link, you can download it for free.
"That's the way to do it" - Punch
I must have been napping. When did popcorn time change from a pirate movie operation to a malware site? Early this year I was shocked when I found the long time legitimate Vuze bit torrent client switched to a malware model. (they infect your browser so ads pop up and redirects your pages to yahoo sites-- they admit they did this on their blog as a revenue measure as though that makes it legit.)
Also when did Ozzy become an actor?
See subject - By stalling its network communication as follows:
0.0.0.0 3hnuhydu4pd247qb.onion
0.0.0.0 popcorn-time-free.net
* Using those entries in your custom hosts file to block communication with them...
(SOURCE = https://www.bleepingcomputer.c... )
APK
P.S.=> For more protection + more speed & anonymity online via hosts files, see APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ ... apk
Shows you what scum the Reformed Baptist Church of God, Reformation of 1879 are.
The most dangerous drug
Since I do backups nightly on all home machines - format reinstall
no matter how good it is, it is human nature always wants to make things better
It works here just fine to block this threat & you know it - end of subject/period.
APK
P.S.=> You little unidentifiable anonymous posting fools keep making me look GOOD - thanks! apk
I have wondered about this for a while. These groups can't use cash due to it being easy to track in the mail and needing to receive the cash. They also can't do credit cards since that could be traced almost immediately and the account seized.
Does ransomware work on the scale it exists today or larger without crypto-currency? Right now I can't think of any way to have it work on a large scale without crypto-currency.
If ransomware really can't work without crypto-currency then this would have to be factored in as part of the cost of crypto-currency and it should be seriously looked at to decide if the costs are worth the benefits of the currency. I know we could not truly get rid of crypto-currency but if western countries did not allow any financial institutions to convert to or from crypto-currency and companies were banned from accepting it or paying that would effectively kill the currency.
Of course if ransomware could work fine without crypto-currency a different course of action is needed. I just see a systemic flaw right now that allows ransomware and attacking users is not going to fix the issue. Like all large scale issues if the flaw is systemic it must be fixed at the system level not at the user level. OS mitigation strategies should be seriously looked at also. Any application that tries to change large numbers of user files should be stopped quite quickly for suspicious activity.
Computer modeling for biotech drug manufacturing is HARD!
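The rate-based check suggested in the comment above ("any application that tries to change large numbers of user files should be stopped"), as an added example that is not part of the original thread: a sliding-window counter over file events, run here on a constructed trace. The thresholds, event fields, process names and the AppData exclusion are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Policy values are illustrative assumptions, not taken from the thread.
WINDOW_SECONDS = 10.0      # sliding window length
MAX_DISTINCT_FILES = 20    # distinct user files one process may change per window
USER_ROOT = PureWindowsPath(r"C:\Users")
MODIFYING_OPS = {"write", "rename", "delete"}


@dataclass(frozen=True)
class FileEvent:
    ts: float    # seconds since the start of the trace
    pid: int
    image: str   # process image name
    path: str
    op: str      # "read", "write", "rename" or "delete"


def is_user_file(path: str) -> bool:
    """True for files inside a user profile, ignoring AppData (caches, app state)."""
    try:
        rel = PureWindowsPath(path).relative_to(USER_ROOT)
    except ValueError:
        return False
    return len(rel.parts) >= 2 and "AppData" not in rel.parts


def detect_mass_modification(events, window=WINDOW_SECONDS, limit=MAX_DISTINCT_FILES):
    """Return {pid: (image, trip_time)} for each process that changes more than
    `limit` distinct user files within any `window`-second span."""
    recent = defaultdict(deque)   # pid -> (ts, path) pairs still inside the window
    flagged = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.pid in flagged or ev.op not in MODIFYING_OPS or not is_user_file(ev.path):
            continue
        q = recent[ev.pid]
        q.append((ev.ts, ev.path.lower()))
        while ev.ts - q[0][0] > window:   # q always holds at least the current event
            q.popleft()
        if len({p for _, p in q}) > limit:
            flagged[ev.pid] = (ev.image, ev.ts)   # time the limit was first exceeded
    return flagged


def sample_trace():
    """Constructed events: four benign workloads and one bulk rewriter."""
    docs = r"C:\Users\alice\Documents"
    ev = [FileEvent(t, 4120, "winword.exe", rf"{docs}\report{t}.docx", "write")
          for t in (1, 20, 40)]
    ev += [FileEvent(i / 10, 5300, "backup_agent.exe", rf"{docs}\f{i}.txt", "read")
           for i in range(200)]
    ev += [FileEvent(i * 2.0, 6000, "photo_import.exe",
                     rf"C:\Users\alice\Pictures\img{i}.jpg", "write") for i in range(30)]
    ev += [FileEvent(i / 10, 3100, "browser.exe",
                     rf"C:\Users\alice\AppData\Local\cache\c{i}.bin", "write") for i in range(40)]
    ev += [FileEvent(5 + i / 10, 7788, "unknown.exe", rf"{docs}\f{i}.txt", "rename")
           for i in range(50)]
    return ev


if __name__ == "__main__":
    for pid, (image, ts) in detect_mass_modification(sample_trace()).items():
        print(f"pid {pid} ({image}) exceeded the limit at t={ts:.1f}s")
```

On the constructed trace only the bulk rewriter trips the default limit; tightening the limit also catches the slow photo import, which is the false-positive trade-off any such policy has to tune or allowlist around.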
"So what would you do if this ransomware infected your files?"
I'd restore from backups.
Just cruising through this digital world at 33 1/3 rpm...
Now ransomware has gained a new delightful social aspect
Appears we're looking at the unholy spawn of ransom-ware and multi-level-marketing. Fetch holy water and an axe.
It sounds like someone has watched Ringu too many times.
When someone says, "Any fool can see
With friends like those, who needs Putin?
Sounds a lot like a pyramid scheme -- this could be illegal.
But, I wanted socialized health insurance!
See subject: You said it - how would he send it if he can't get it? Can't be hurt by what you can't touch in the 1st place - hosts do that for you per the blocking entries I noted (& even IF you were already infested? This malicious threat can't "talk back to mama" in its C&C network either - double bonus!) - you can't even BECOME the "original victim" by blocking this thing out in the 1st place!
(... & "there ya go" - but I am totally for your backups solution (do it myself daily))
As far as email/spam/phish payloads (were it done thus)? Malicious links/hosts-domains get blocked by there hosts too (junkmail, in THIS capacity, is EXTREMELY useful to me regarding hosts).
APK
P.S.=> Lastly - w/ "friends" like that? Who needs enemies, lol - pick BETTER 'friends' man... apk
You know in your heart it's what's required
See subject & you can't manage that here https://it.slashdot.org/comments.pl?sid=9982895&cid=53468617/ can you? Obviously not, lol!
* You know that's what's REALLY required from unidentifiable anonymous trolls such as yourself but it's IMPOSSIBLE for your inferior brains to manage, lmao!
APK
P.S.=> Thanks for making ME look GOOD, & those of "your kind" (mere "ne'er-do-well" do-nothings) look, well - rotflamo "not so good" by comparison to myself... apk
...I never do. But I do get warm fuzzies inside knowing that you have internalised SPH and understand why it's necessary. If only you would *act* on this understanding, your immediate circle would be so grateful. You could give up this OC /. behavior. Hell, you might even make enough of a recovery to start creating useful software - wouldn't that be a wonderful new achievement?
See subject & prove me validly technically wrong in my original post as you're challenged to + FAIL in https://it.slashdot.org/comments.pl?sid=9982895&cid=53470817/
* Once again, thanks for making ME look GOOD & yourself like the effete unidentifiable cowardly + apparently illiterate STOOGE you clearly are, lol!
APK
P.S.=> I get the "warm fuzzies" looking @ you wasting your time apparently suffering delusions of grandeur on your part thinking you're a psychiatric pro as you attempt to libel me... apk
I created a backup / warm spare system based on read-only rsync pull to a remote server that keeps several de-duplicated copies, and makes each backup bootable as a VM. I called it Clonebox.
Do you have a HOWTO or similar? I want to set up something like this with a new server (best practices from the start, so I hope)
Right now I can't release the documentation because the company I used to work for sells it, with off-site backups to their cloud. If you remind me a month from now, I may be able to release something.
Done and done.
I think it would be a much better solution to pool your resources with others being affected by this extortion and use those bitcoins to hire an assassin to make sure these people no longer have to worry about committing crimes to live.
It's easy to include code that installs registry keys or configuration files on a computer, keeping the malware alive: Recovering the damaged files from a backup isn't enough. There's also removing the malware and the source of (recurring) infection. How many non-tech people backup personal data? How many can install Windows and configure it to their preferred settings? In my social circle that count is zero and that is why this sort of extortion keeps appearing. As a worst case scenario, 2^(n)-1 people will have carried the infection to 2^n people who will have to pay the ransom or lose their digital history (making a total infected population of 2^(n+1)-1 people).
Presumably, the pyramid scheme portion of the reward means if all your friends have already infected one another, you've lost your data. Reward the criminals and externalize your problems onto the people closest to you: How many people will act like a drug addict to keep their digital history safe? It's both an ethical dilemma and an exercise in game theory. The game questions include 'What if your friends discover your crime?' 'What if your friends then attempt to infect you (possibly revealing you as the source of the infection)?', 'Can the carriers hide the fact they didn't pay the ransom?', 'Will the malware admit your friend enabled the infection?'.
So what would you do if this ransomware infected your files
Simple: I'd restore from my backups. Don't have backups? Then you are a fool.
The USS proposal (similar to UBI) could really benefit from several examples showing various families. Not the generic "a family in 10% blah blah" but "Joe and Jane earning a combined $127,000/hr could see X." Or better yet, an online calculator that lets people plug in their own numbers.
See subject: It works here, bottom-line & since you ask? My sources in my program (10 of em) & 5 more I use that update even more frequently are pretty "ontop of their game" that way (they find them fast) + another 13 security sites (e.g. ESET, palo alto networks, CISCO, F-secure, bleeping computer, secureworks, gary warner's blog, fireeye, shadowserver & securelist) do the rest, quickly!
Plus, DNS' 24 propagation lag + odds (of not hitting the malicious spots) works in my favor as well (as it does anyone else).
APK
P.S.=> Nothing's perfect & nothing does it all - BUT, hosts do FAR more for FAR less vs. other "so-called 'solutions'" that are riddled w/ security issues + inefficiency (locally installed DNS/antivirus) OR don't work fully ("AlmostALLAdsBlocked") by default, deceitfully no longer doing the job they're intended to do... apk
Or could I include an enemy or two as well? Can the "friends" include VMs of which I just took a rollback snapshot a few moments ago?
I would kill the power from the cable and give the system a "hard bounce" if I saw something like that.
I would then take the drive and slave it in a box running a very different kind of OS.
If you are lucky the hard bounce kept the encryption attempt from being able to take hold from a graceful restart.
At that point you should be able to get the files you need off the drive.
Format. Reinstall, restore, or whatever your back-up solution is.
"So what would you do if this ransomware infected your files?"
I would dance around, post on Facebook and make a selfie post about stupid computer not working.
If none of that helped, I would press the on/off button until it falls off and buy a new windows computer. /s
It has been like three or four years now since I made the switch to keeping all my important stuff in the cloud (mostly Dropbox). That, combined with all my games being on Steam/GOG, means that if my computer/hard-drive suddenly dies, I don't lose anything. Same if my phone gets stolen.
hey Muslims are just like us, enjoying parties and so on.
Is there any other option?
See subject & this link PROVING hosts solve this issue https://it.slashdot.org/comments.pl?sid=9982895&cid=53468617/ which you can't prove wrong.
* Superior Hosts File works here = Ess Pee Aitch/SPH, lol!
APK
P.S.=> Thanks for trolling me by unidentifiable anonymous posts (which you're reduced to as you can't validly technically prove me wrong & hosts work here) proving me YOUR SUPERIOR, again as always - lol!... apk
So what would you do if this ransomware infected your files?
I would find considerable pleasure in hunting down the instigator.
I didn't read your post.
Do you disagree that continuously bookmarking all these comments and obsessively responding is symptomatic of a mental health issue? You should ask that same question of a health professional. I'm responding as a genuine effort to get you to seek the help you need. Why are you responding exactly?
Here comes two quick VM's, "proof of infection", and 2 very deleted VM's after the fact.
Next.
You didn't reply to my last response. I'd love to believe it's because you finally did SPH!
I defend myself via facts you can't prove wrong (hosts work here) https://it.slashdot.org/comments.pl?sid=9982895&cid=53468617/ you unidentifiable anonymous "ne'er-do-well" that projects his own mental issues onto others.
APK
P.S.=> Hosts work vs. this threat & that's that... apk
See subject & you can't disprove hosts work vs. this threat https://it.slashdot.org/comments.pl?sid=9982895&cid=53468617/ unidentifiable ac "ne'er-do-well" cowardly troll that you are. You lose as always. It's just what you do!
APK
P.S.=> Grow up loon... apk
Surprisingly slow in your "response" - your OC obligations getting to be a bit of a strain? It's another reason why you need to SPH. Maybe once you've overcome your illness you will at last be able to fulfill your ambition of creating code that actually works well - wouldn't that be satisfying?
See subject & this article's topic + how Superior Hosts Files stop it https://it.slashdot.org/comments.pl?sid=9982895&cid=53468617, you imbecilic little troll.
* Argue w/ the facts in that link I just posted & by the way: YOU'RE NO PSYCHIATRIC PRO "Dr. Quack 'SiDeWaLk-ShRiNk of /." (laboring under your own "delusions of grandeur", lol) - you fail!
APK
P.S.=> Badly - yes, LOL, I am LAUGHING @ YOU as usual... apk
Maybe ask santa for some funds to help you SPH?
See subject & this link's undeniable truth (you LOSE, loser - grow up & get on topic) https://it.slashdot.org/comments.pl?sid=9982895&cid=53507817/ hosts work here. End of subject.
APK