Popcorn Time ransomware invites you to get ‘nasty’ to recover your files

Are you so desperate to recover from a ransomware attack that you would infect other computer users?

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Popcorn ransomware

Want to fix your ransomware-hit computer but don’t want to pay up for the decryption key?

Well, as Bleeping Computer describes, the Popcorn Time ransomware has an answer for you. If you want your files back, but won’t/can’t pay the ransom the ransomware’s operators will give you free decryption keys if you infect your friends via referral links.

Dirty tricks

Yep, the bad guys behind Popcorn Time say that if you manage to infect two other people with their malware and if they then pay the ransom, then you’ll be able to get your decryption key.

Oh, and congratulations by the way. As well as becoming an affiliate of a ransomware gang, you’ve just committed a criminal act.

Sign up to our free newsletter.
Security news, advice, and tips.

I hope no-one would be so dumb as to risk earning a criminal record (and potentially a prison sentence) by infecting someone else’s computer with ransomware, but then we all know far too well that people are prepared to do terrible things via the internet that they would never consider doing to someone face-to-face.

Oh, and by the way, how do you know the ransomware’s authors will honour their offer and send you the decryption key for infecting more users? After all, they’ve already proven themselves to be scumbags by spreading Popcorn Time in the first place. They’re hardly the most trustworthy people on the planet.

Don’t become a ransomware affiliate. Protect your computer with a layered defence, and get a proper backup regime up and running for goodness sake.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

8 comments on “Popcorn Time ransomware invites you to get ‘nasty’ to recover your files”

  1. Rajiv

    Always enjoy reading your write ups. Thanks!

  2. Tony

    I'd suggest that you spin up a couple of VMs, infect them yourself, and bag a free decryption key at no one else's expense. Bosh.

    1. Graham CluleyGraham Cluley · in reply to Tony

      Infecting others isn't enough to earn you the decryption key. The new victims also have to pay up.

      And, as Kevin says, a lot of malware refuses to run in VM environments anyway in an attempt to avoid analysis.

      1. Bob · in reply to Graham Cluley

        Exactly so, Graham.

        It is sometimes possible to trick the malware into thinking that it's running in a real environment but that's something that's best left to the experienced investigators.

        Malware like this is another justification for running a compartmentalised OS. Take a look at Qubes* if you've not heard of it. It's probably well outside the scope of this blog but essentially you have a different 'virtual' desktop for each task: each of which is isolated and sandboxed from each other.

        For example:

        Desktop 1 – Banking
        Desktop 2 – Social Media
        Desktop 3 – Email
        Desktop 4 – Games
        Desktop 5 – Everyday Internet
        Desktop 6 – Risky Internet (e.g. Torrents)
        Desktop 7 – Offline Use (e.g. Word Processing) (No access to network adaptor)

        It's not for everybody and that's just a basic explanation of how it works however it exponentially increases your security and makes it almost impossible for malware to get a hold (you can always just delete the instance (infected desktop) if this happens)).

        * https://www.qubes-os.org/

      2. Tony · in reply to Graham Cluley

        Oh, my bad, I'll get the hang of this reading skill soon.

  3. Kevin

    I thought the same thing, Tony, but lots of these horrendous programs don't execute in a VM environment, they know there is a chance it is being analysed… so just dig out two crappy old laptops/raspberry pi's/whatever and infect those? :)

  4. Nick

    This is a different Popcorn Time to the one most people are familiar with. To avoid confusion, it would be worth including in your article this statement from the Bleeping Computer article you refer to:
    "It should be noted, that this ransomware is not related to the Popcorn Time application that downloads and streams copyrighted movies."

  5. Topiux

    ElevenPaths discovers the Popcorn ransomware passwords: no need to infect other people to decrypt for free http://blog.elevenpaths.com/2016/12/elevenpaths-discovers-popcorn.html

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.