Slashdot Mirror
New Ransomware Offers The Decryption Keys If You Infect Your Friends (bleepingcomputer.com)
MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes:
"With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their decryption key (potentially).
While encrypting your files, Popcorn Time displays a fake system screen that says "Downloading and installing. Please wait" -- followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." So what would you do if this ransomware infected your files?
While encrypting your files, Popcorn Time displays a fake system screen that says "Downloading and installing. Please wait" -- followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." So what would you do if this ransomware infected your files?
^ Ignore previous comment, I'm a doofus who didn't carefully read the summary, much less the article.
Wipe and restore from backup. Nex!
"a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living."
This is a brilliant twist on malware. These are not people from Syria but rather a story concocted to try and have you help them. It's basically, it's an alternate version of the "Nigerian Prince" that needs money to bribe his captors to release him. Logically, a person in a warzone cannot exchange bitcoin for money or goods which makes the whole thing implausible from the start. I would bet what when they tear the binary apart, they'll find that it's been compiled for the Russian locale.
So what would you do if this ransomware infected your files?
A) wipe your system
B) load Linux instead of Windows
C) restore files from backups
Anons need not reply. Questions end with a question mark.
"So what would you do if this ransomware infected your files?"
No, the answer is not paying a ransom, or infecting friends (or VMs). The correct answer is to reformat the storage and restore from a backup.
"National Security is the chief cause of national insecurity." - Celine's First Law
In the unlikely event this actually would happen, then I would restore.
My backups are secure. So I would restore from a backup. That wasn't too hard was it?
Backups work great for random acts of god but not necessarily for ransomware. It would be fairly trivial to create ransomware that slept a random amount of time before encrypting your files or even worse encrypt your files and then continue to function like normal for several weeks before alerting you. By that time, all your backups are also infected and even if you have a really old backup you won't have any of the recent stuff from that last several weeks or months since the initial infection. For all the people on here that are bragging about backups, even if you catch it the same day and restore it is still a huge pain and chances are if written properly it could easily be written in a way that the backups are also infected.