New Ransomware Offers The Decryption Keys If You Infect Your Friends (bleepingcomputer.com)
MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes:
"With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their decryption key (potentially).
While encrypting your files, Popcorn Time displays a fake system screen that says "Downloading and installing. Please wait" -- followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." So what would you do if this ransomware infected your files?
^ Ignore previous comment, I'm a doofus who didn't carefully read the summary, much less the article.
Wipe and restore from backup. Next!
Pfft. Been done before on VHS.
Phone Rings:
Creepy voice: "Seven days..."
Science advances one funeral at a time- Max Planck
1) my boss
2) my mother-in-law
I see this as win-win-win situation.
I bet it blows your mind that the people they're fighting are also muslims.
Because...?
I was walking across a bridge one day, and I saw a man standing on the edge, about to jump. I ran over and said: "Stop. Don't do it."
"Why shouldn't I?" he asked.
"Well, there's so much to live for!"
"Like what?"
"Are you religious?"
He said: "Yes."
I said: "Me too. Are you Christian or Buddhist?"
"Christian."
"Me too. Are you Catholic or Protestant?"
"Protestant."
"Me too. Are you Episcopalian or Baptist?"
"Baptist."
"Wow. Me too. Are you Baptist Church of God or Baptist Church of the Lord?"
"Baptist Church of God."
"Me too. Are you original Baptist Church of God, or are you Reformed Baptist Church of God?"
"Reformed Baptist Church of God."
"Me too. Are you Reformed Baptist Church of God, Reformation of 1879, or Reformed Baptist Church of God, Reformation of 1915?"
He said: "Reformed Baptist Church of God, Reformation of 1915."
I said: "Die, heretic scum," and pushed him off.
Religious wackos can rant and rave about people who believe in false gods or worse no gods at all, but worst of all are those who believe in a "perverted" version of their own god and those who've abandoned the faith. Not sure what your point is though, I care about how many people want to kill me, how many other people they want to kill is of lesser concern.
Live today, because you never know what tomorrow brings
So, everyone should just make sure %AppData%\been_here and %AppData%\server_step_one exist? :)
"a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living."
This is a brilliant twist on malware. These are not people from Syria but rather a story concocted to try and have you help them. It's basically an alternate version of the "Nigerian Prince" that needs money to bribe his captors to release him. Logically, a person in a warzone cannot exchange bitcoin for money or goods, which makes the whole thing implausible from the start. I would bet that when they tear the binary apart, they'll find that it's been compiled for the Russian locale.
So what would you do if this ransomware infected your files?
A) wipe your system
B) load Linux instead of Windows
C) restore files from backups
Anons need not reply. Questions end with a question mark.
Teach a man to phish...
We don't believe in radical loony monotheistic religions from the middle east -- we're Christians.
"So what would you do if this ransomware infected your files?"
No, the answer is not paying a ransom, or infecting friends (or VMs). The correct answer is to reformat the storage and restore from a backup.
"National Security is the chief cause of national insecurity." - Celine's First Law
In the unlikely event this actually would happen, then I would restore.
My backups are secure. So I would restore from a backup. That wasn't too hard was it?
Backups work great for random acts of god but not necessarily for ransomware. It would be fairly trivial to create ransomware that slept a random amount of time before encrypting your files or, even worse, encrypt your files and then continue to function like normal for several weeks before alerting you. By that time, all your backups are also infected, and even if you have a really old backup you won't have any of the recent stuff from the last several weeks or months since the initial infection. For all the people on here that are bragging about backups, even if you catch it the same day and restore it is still a huge pain, and chances are if written properly it could easily be written in a way that the backups are also infected.
Based on the title I think we know exactly who is behind this malware; don't have to look farther than MPAA for the funding of this program.
I wonder how many Linux people have two friends to infect?
Necessity drives innovation.
Science advances one funeral at a time- Max Planck
Popcorn time was an open source experiment, and was completely shut down (afaik) following some legal threats. Naturally, and predictably, this spun off countless forks of various quality and with varying ethical standards.
The name is probably just a clickbait to trick more users into installing the malware.
IMHO the movie industry should have embraced the Popcorn Time distribution model, maybe with some encryption, and made the content paid-for/ads-subsidized (that's just an example, there are countless other ways to monetize such a product, some of which are better than others). Use the brand/name recognition to bootstrap the next-gen movie content distribution platform (think Steam). Sign me up!
Shows you what scum the Reformed Baptist Church of God, Reformation of 1879 are.
The most dangerous drug
Yeah, every now and then I'll see a full screen Chrome pop up claiming to have encrypted everything (and that they're the FBI, and can be paid via Walgreens gift cards or some nonsense)
Lol, yes, my neighbor saw this on his Chromebook and brought it over to my place in a panic.
I asked him if he thought the FBI really took payments, and if so, that they would take them by Western Union or iTunes cards or whatever. lol
We closed the tab and he went back home a little bit wiser. Not much, but a little bit.
Just cruising through this digital world at 33 1/3 rpm...
Both my friends are deadbeats. :(
Sounds a lot like a pyramid scheme -- this could be illegal.
But, I wanted socialized health insurance!