PopcornTime (Ransomware): Pay or infect your friends’ PCs

A new piece of malware that offers victims the decryption key if they send the malware to two other acquaintances was outed yesterday by white-hat activists MalwareHunterTeam. They identified the ransomware as PopcornTime.

Even though it shares its name with the popular streaming service for torrented movies and TV shows, the malware is completely unrelated to it. Infected victims have the choice to forward it or pay a sum close to one Bitcoin ($780).

MalwareHunterTeam reported that once it is in the system, the ransomware prompts the user to enter a password, which they can obtain by paying the ransom or by sending the malware to someone else.

If a user gets it wrong four times, they lose all the encrypted information on their computer.

People can infect two other computers to save their data

The virus offers a referral Tor link that users can send to two other people so that they get the virus as well. The ransom screen states that “if two or more people will install this file and play, we will decrypt your files for free.”

The theory is that the hackers would check a newly linked computer to see if someone referred it. After that, they would send the original key to the first victim. This tactic, like all others, offers no guarantee, which makes it one of the most dangerous currently on the web.

MalwareHunterTeam reported that they caught an earlier version of the malware. The program they found is still at a development stage. So far, no victims have reported this type of hacking.

How does ‘PopcornTime’ work?

PopcornTime first checks whether the computer has already been infected by another version of itself by accessing its core folders.

The first beta version discovered targeted a folder on the desktop called ‘Efiles,’ searching for files with specific extensions and rendering them unusable with AES-256 encryption.

As of today, the malware code has reportedly received an update that allows it to attack folders like ‘My Documents,’ ‘My Pictures,’ the Desktop, and more.

The Advanced Encryption Standard (AES) is a specification for file encryption related to another cipher developed by Belgian cryptographers. AES comes in three key lengths, 128, 192, and 256 bits, the last being the hardest to decrypt.

Ransomware is the most common cyberthreat nowadays

This ransomware performs full file encryption and poses a serious risk to a user’s vital data, but there are many ways to protect significant information from these kinds of attacks.

Ransomware is currently the most used hacking-for-profit malware on the web, even prompting Europol and cyber security giant Kaspersky to band together in an anti-ransomware organization, along with the Dutch National High Tech Crime Unit (NHTCU).

Recent scandals involving this type of malware include the large-scale hacking of the San Francisco Light Rail system and the ‘Locky’ virus, reported to infect Facebook Messenger.

Source: Bleeping Computer