Slashdot Mirror


New Ransomware Offers The Decryption Keys If You Infect Your Friends (bleepingcomputer.com)

MalwareHunterTeam has discovered "Popcorn Time," a new in-development ransomware with a twist. Gumbercules!! writes: "With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key," writes Bleeping Computer. Infected victims are given a "referral code" and, if two people are infected by that code and pay up -- the original victim is given their decryption key (potentially).
While encrypting your files, Popcorn Time displays a fake system screen that says "Downloading and installing. Please wait" -- followed by a seven-day countdown clock for the amount of time left to pay its ransom of one bitcoin. That screen claims that the perpetrators are "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living." So what would you do if this ransomware infected your files?

8 of 236 comments

  1. Re:Well, then by bluegutang · · Score: 5, Insightful

    ^ Ignore previous comment, I'm a doofus who didn't carefully read the summary, much less the article.

  2. Re:Fucking Muslims by Kjella · · Score: 4, Informative

    I bet it blows your mind that the people they're fighting are also muslims.

    Because...?

    I was walking across a bridge one day, and I saw a man standing on the edge, about to jump. I ran over and said: "Stop. Don't do it."

    "Why shouldn't I?" he asked.

    "Well, there's so much to live for!"

    "Like what?"

    "Are you religious?"

    He said: "Yes."

    I said: "Me too. Are you Christian or Buddhist?"

    "Christian."

    "Me too. Are you Catholic or Protestant?"

    "Protestant."

    "Me too. Are you Episcopalian or Baptist?"

    "Baptist."

    "Wow. Me too. Are you Baptist Church of God or Baptist Church of the Lord?"

    "Baptist Church of God."

    "Me too. Are you original Baptist Church of God, or are you Reformed Baptist Church of God?"

    "Reformed Baptist Church of God."

    "Me too. Are you Reformed Baptist Church of God, Reformation of 1879, or Reformed Baptist Church of God, Reformation of 1915?"

    He said: "Reformed Baptist Church of God, Reformation of 1915."

    I said: "Die, heretic scum," and pushed him off.

    Religious wackos can rant and rave about people who believe in false gods or worse no gods at all, but worst of all are those who believe in a "perverted" version of their own god and those who've abandoned the faith. Not sure what your point is though, I care about how many people want to kill me, how many other people they want to kill is of lesser concern.

    --
    Live today, because you never know what tomorrow brings
  3. been_here by breun · · Score: 5, Interesting
    From the article:

    Once started, the Popcorn Time ransomware will check to see if the ransomware has been run already by checking for various files such as %AppData%\been_here and %AppData%\server_step_one. If the been_here file exists, it means the computer has already been encrypted and the ransomware will terminate itself. Otherwise, it will either download various images to use as backgrounds or start the encryption process.

    So, everyone should just make sure %AppData%\been_here and %AppData%\server_step_one exist? :)
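
The marker-file check quoted from the article in the comment above can be turned into a triage check. This is an added example, not part of the original comments or the article: it scans a Windows Users directory (live, or from a mounted disk image) for the two marker files named in the quote and reports their timestamps. The function names and the `C:\Users` default are assumptions of this example.

```python
import sys
from datetime import datetime, timezone
from pathlib import Path

# Marker names are from the article quoted above. %AppData% is the per-user
# AppData\Roaming folder on Windows Vista and later.
MARKERS = ("been_here", "server_step_one")


def find_markers(users_root):
    """Return one record per marker file found in any profile under users_root."""
    hits = []
    for profile in sorted(p for p in Path(users_root).iterdir() if p.is_dir()):
        for name in MARKERS:
            marker = profile / "AppData" / "Roaming" / name
            try:
                st = marker.lstat()  # lstat: never follow a planted link
            except OSError:
                continue  # absent or unreadable
            hits.append({
                "profile": profile.name,
                "marker": name,
                "path": str(marker),
                "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc),
            })
    return hits


def earliest_per_profile(hits):
    """Map profile -> earliest marker timestamp, a starting point for scoping.

    Assumption of this example: the timestamp was not altered after the file
    was written. Treat it as a lead, not as proof of when encryption began.
    """
    earliest = {}
    for h in hits:
        prev = earliest.get(h["profile"])
        if prev is None or h["modified_utc"] < prev:
            earliest[h["profile"]] = h["modified_utc"]
    return earliest


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Users"
    found = find_markers(root)
    for h in found:
        print(f'{h["modified_utc"]:%Y-%m-%d %H:%M:%SZ}  {h["profile"]}  {h["path"]}')
    if not found:
        print("no Popcorn Time marker files found under", root)
    sys.exit(1 if found else 0)
```

A hit is an indicator to investigate, not a verdict: the files may have been planted deliberately, as the comment suggests, and the summary describes the ransomware as still in development, so the marker names may change.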

  4. All part of the scam. by Gravis+Zero · · Score: 4, Insightful

    "a group of computer science students from Syria," and that "all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living."

    This is a brilliant twist on malware. These are not people from Syria but rather a story concocted to try and have you help them. Basically, it's an alternate version of the "Nigerian Prince" that needs money to bribe his captors to release him. Logically, a person in a warzone cannot exchange bitcoin for money or goods, which makes the whole thing implausible from the start. I would bet that when they tear the binary apart, they'll find that it's been compiled for the Russian locale.

    So what would you do if this ransomware infected your files?

    A) wipe your system
    B) load Linux instead of Windows
    C) restore files from backups

    --
    Anons need not reply. Questions end with a question mark.
  5. Re:Oh Yeah, your so poor by Bonobo_Unknown · · Score: 4, Funny

    Teach a man to phish...

    --
    We don't believe in radical loony monotheistic religions from the middle east -- we're Christians.
  6. Re:Well, then by msauve · · Score: 4, Insightful

    "So what would you do if this ransomware infected your files?"

    No, the answer is not paying a ransom, or infecting friends (or VMs). The correct answer is to reformat the storage and restore from a backup.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  7. Re:I would restore by Wycliffe · · Score: 4, Insightful

    In the unlikely event this actually would happen, then I would restore.

    My backups are secure. So I would restore from a backup. That wasn't too hard was it?

    Backups work great for random acts of god but not necessarily for ransomware. It would be fairly trivial to create ransomware that slept a random amount of time before encrypting your files or, even worse, encrypt your files and then continue to function like normal for several weeks before alerting you. By that time, all your backups are also infected and even if you have a really old backup you won't have any of the recent stuff from the last several weeks or months since the initial infection. For all the people on here that are bragging about backups, even if you catch it the same day and restore, it is still a huge pain and chances are if written properly it could easily be written in a way that the backups are also infected.

  8. Pyramid scheme? by onemorechip · · Score: 4, Funny

    Sounds a lot like a pyramid scheme -- this could be illegal.

    --
    But, I wanted socialized health insurance!