Want to fix your ransomware-hit computer but don’t want to pay up for the decryption key?
Well, as Bleeping Computer describes, the Popcorn Time ransomware has an answer for you. If you want your files back but won’t or can’t pay the ransom, the ransomware’s operators will give you free decryption keys if you infect your friends via referral links.
Yep, the bad guys behind Popcorn Time say that if you manage to infect two other people with their malware and if they then pay the ransom, then you’ll be able to get your decryption key.
Oh, and congratulations by the way. As well as becoming an affiliate of a ransomware gang, you’ve just committed a criminal act.
I hope no-one would be so dumb as to risk earning a criminal record (and potentially a prison sentence) by infecting someone else’s computer with ransomware, but then we all know far too well that people are prepared to do terrible things via the internet that they would never consider doing to someone face-to-face.
Oh, and by the way, how do you know the ransomware’s authors will honour their offer and send you the decryption key for infecting more users? After all, they’ve already proven themselves to be scumbags by spreading Popcorn Time in the first place. They’re hardly the most trustworthy people on the planet.
Don’t become a ransomware affiliate. Protect your computer with a layered defence, and get a proper backup regime up and running, for goodness’ sake.
8 comments on “Popcorn Time ransomware invites you to get ‘nasty’ to recover your files”
Always enjoy reading your write ups. Thanks!
I'd suggest that you spin up a couple of VMs, infect them yourself, and bag a free decryption key at no one else's expense. Bosh.
Infecting others isn't enough to earn you the decryption key. The new victims also have to pay up.
And, as Kevin says, a lot of malware refuses to run in VM environments anyway in an attempt to avoid analysis.
Exactly so, Graham.
It is sometimes possible to trick the malware into thinking that it's running in a real environment but that's something that's best left to the experienced investigators.
Malware like this is another justification for running a compartmentalised OS. Take a look at Qubes* if you've not heard of it. It's probably well outside the scope of this blog but essentially you have a different 'virtual' desktop for each task: each of which is isolated and sandboxed from each other.
Desktop 1 – Banking
Desktop 2 – Social Media
Desktop 3 – Email
Desktop 4 – Games
Desktop 5 – Everyday Internet
Desktop 6 – Risky Internet (e.g. Torrents)
Desktop 7 – Offline Use (e.g. Word Processing) (No access to network adaptor)
It's not for everybody, and that's just a basic explanation of how it works; however, it exponentially increases your security and makes it almost impossible for malware to get a hold (you can always just delete the instance (infected desktop) if this happens).
Oh, my bad, I'll get the hang of this reading skill soon.
I thought the same thing, Tony, but lots of these horrendous programs don't execute in a VM environment; they know there is a chance it is being analysed… so just dig out two crappy old laptops/Raspberry Pis/whatever and infect those? :)
This is a different Popcorn Time to the one most people are familiar with. To avoid confusion, it would be worth including in your article this statement from the Bleeping Computer article you refer to:
"It should be noted, that this ransomware is not related to the Popcorn Time application that downloads and streams copyrighted movies."
ElevenPaths discovers the Popcorn ransomware passwords: no need to infect other people to decrypt for free http://blog.elevenpaths.com/2016/12/elevenpaths-discovers-popcorn.html