
The developers behind a new strain of ransomware say they’ll decrypt a victim’s files for free if that user infects two of their friends.

First spotted by the security researcher MalwareHunterTeam, the in-development ransomware goes by the name Popcorn Time.

Don’t be fooled. It might bear the same name as an application that downloads and streams copyrighted movies, but it’s nothing like it.

Upon successful installation, the ransomware checks whether it has already run on the victim’s computer. If it has, Popcorn Time terminates. If it hasn’t, it either downloads images to use as backgrounds or starts encrypting files located in My Documents, My Pictures, My Music, and Desktop.

Popcorn Time displays a fake “Downloading and Installing” screen while it appends the .filock extension to every file it encrypts.

Popcorn Time fake decryption screen (Source: Bleeping Computer)
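The behaviour described above gives defenders a simple signal to watch for: a burst of new .filock files inside user profile folders. The following is an added example, not code from the article or from Bleeping Computer; the log line format, host names, threshold and time window are assumptions, and only the .filock extension and the folder names come from the text.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extension and folders named in the article (modern and "My ..." spellings).
EXTENSION = ".filock"
TARGET_DIRS = {"documents", "my documents", "pictures", "my pictures",
               "music", "my music", "desktop"}

# Constructed file-creation events: "<ISO timestamp> <host> <full path>".
SAMPLE_EVENTS = r"""
2016-12-09T10:00:01 WS-01 C:\Users\alice\Documents\budget.xlsx.filock
2016-12-09T10:00:02 WS-01 C:\Users\alice\Pictures\trip.jpg.filock
2016-12-09T10:00:03 WS-01 C:\Users\alice\Desktop\notes.txt.filock
2016-12-09T10:00:04 WS-01 C:\Users\alice\Music\song.mp3.filock
2016-12-09T10:00:05 WS-02 C:\Users\bob\Documents\thesis.docx
2016-12-09T10:05:00 WS-02 C:\Temp\test.filock
2016-12-09T10:06:00 WS-03 C:\Users\carol\Desktop\a.txt.filock
2016-12-09T11:30:00 WS-03 C:\Users\carol\Desktop\b.txt.filock
2016-12-09T13:00:00 WS-03 C:\Users\carol\Desktop\c.txt.filock
"""

def in_target_folder(path):
    """True if any directory component of the path is a targeted folder."""
    parts = [p.lower() for p in re.split(r"[\\/]", path)]
    return any(p in TARGET_DIRS for p in parts[:-1])

def detect_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts that create at least
    `threshold` .filock files in targeted folders within `window`.
    Assumes events arrive in chronological order."""
    recent = defaultdict(deque)   # host -> timestamps of matching events
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts_raw, host, path = line.split(" ", 2)  # path may contain spaces
        if not path.lower().endswith(EXTENSION) or not in_target_folder(path):
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:   # drop events outside the sliding window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: burst of {EXTENSION} files at {when.isoformat()}")
```

In the sample, only WS-01 alerts: WS-02's single .filock file sits outside the targeted folders, and WS-03's three files are spread over hours rather than seconds.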

Once the encryption process is complete, the ransomware displays its ransom note. This message says victims can decrypt their files one of two ways. On the one hand, they can pay the ransom of one Bitcoin (approximately 779 USD). On the other hand, they can choose to help distribute Popcorn Time.

Computer security expert Lawrence Abrams of Bleeping Computer explains in a blog post:

“…[T]he ransomware developer offers a ‘nasty way’ for a victim to get a free decryption key by having them help to spread the ransomware. If two people become infected via the victim’s ‘referral link’ and pay the ransom, then the victim will supposedly get a free key.”

Popcorn Time decryption options (Source: Bleeping Computer)

In either case, the authors agree to provide complying users with a decryption key. Victims who choose to use the code have four chances to enter it correctly. If they get it wrong all four times, Popcorn Time might begin deleting their files.

The ransomware’s source code reveals the developers might eventually add a function to that effect.

Taken from Popcorn Time’s source code (Source: Bleeping Computer)

There is nothing worse than those who agree to help distribute ransomware to others. With that in mind, users should never help fund computer crime by agreeing to pay the ransom, and they should certainly never infect others with crypto-malware. Instead they should prepare themselves for a ransomware infection by regularly backing up their data, patching known vulnerabilities, and following some of these additional prevention tips.

They should also endeavor to learn as much as they can about ransomware by clicking here.