Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Ransomware Offers The Decryption Keys If You Infect Your Friends (bleepingcomputer.com)

Posted by EditorDavid on from the prisoner's-dilemma dept.

MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes: "With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their decryption key (potentially).
While encrypting your files, Popcorn Time displays a fake system screen that says "Downloading and installing. Please wait" -- followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." So what would you do if this ransomware infected your files?

9 of 236 comments (clear)

  1. Well, then by bluegutang · · Score: 1, Insightful

    Your "friends" don't have to be human. Get two blank hard drives, or even VMs on your favorite cloud server, and make those your "friends". They will be locked forever, but you can just wipe them and not lose any data.

    Still a nasty trick though.

    1. Re:Well, then by bluegutang · · Score: 5, Insightful

      ^ Ignore previous comment, I'm a doofus who didn't carefully read the summary, much less the article.

    2. Re:Well, then by msauve · · Score: 4, Insightful

      "So what would you do if this ransomware infected your files?"

      No, the answer is not paying a ransom, or infecting friends (or VMs). The correct answer is to reformat the storage and restore from a backup.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  2. Easy by Alumoi · · Score: 3, Insightful

    Wipe and restore from backup. Nex!

    1. Re:Easy by 91degrees · · Score: 3, Insightful

      If people backed up, that would be a good suggestion...

      Seriously, they can probably weather the loss from the few people who are genuinely aware that you need to back this stuff up.

  3. Re:oooooh I am scared... by Maritz · · Score: 1, Insightful

    lol. Don't break an arm patting yourself on the back just because you don't use windows.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  4. Re:Starve! by Maritz · · Score: 1, Insightful

    If you watch a film, do you have to constantly ask other people in the room what's going on? It kinda sounds like you must. To be this confused about real world stuff, I'd have thought you'd need to be about seven years old or something.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  5. All part of the scam. by Gravis+Zero · · Score: 4, Insightful

    "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living."

    This is a brilliant twist on malware. These are not people from Syria but rather a story concocted to try and have you help them. It's basically, it's an alternate version of the "Nigerian Prince" that needs money to bribe his captors to release him. Logically, a person in a warzone cannot exchange bitcoin for money or goods which makes the whole thing implausible from the start. I would bet what when they tear the binary apart, they'll find that it's been compiled for the Russian locale.

    So what would you do if this ransomware infected your files?

    A) wipe your system
    B) load Linux instead of Windows
    C) restore files from backups

    --
    Anons need not reply. Questions end with a question mark.
  6. Re:I would restore by Wycliffe · · Score: 4, Insightful

    In the unlikely event this actually would happen, then I would restore.

    My backups are secure. So I would restore from a backup. That wasn't too hard was it?

    Backups work great for random acts of god but not necessarily for ransomware. It would be fairly trivial to create ransomware that slept a random amount of time before encrypting your files or even worse encrypt your files and then continue to function like normal for several weeks before alerting you. By that time, all your backups are also infected and even if you have a really old backup you won't have any of the recent stuff from that last several weeks or months since the initial infection. For all the people on here that are bragging about backups, even if you catch it the same day and restore it is still a huge pain and chances are if written properly it could easily be written in a way that the backups are also infected.