Ransomware is Evolving

And it’s not pretty

Researchers have uncovered a new, insidious ransomware, presumptively still under development, that makes the cyber threats of yesterday seem downright kind.

The ransomware, called Popcorn Time, includes a novel and nasty twist: infected victims are given the option to pay the ransom or infect two others using a referral link. If the two new victims pay the ransom, the original target receives a free key to unlock their files.

According to this article, the code was examined by Lawrence Abrams, who runs bleepingcomputer.com and who was the first to report the Popcorn Time ransomware. “I have never seen anything like this in ransomware,” said Abrams. “This is definitely a first.”

In screenshots — obtained by MalwareHunterTeam and BleepingComputer.com –victims are given a week to pay the ransom or find new victims. The ransom note offers two options. There is the “fast and easy way” and “the nasty way.”

We are sorry to say that your computer and your files have been encrypted, but wait, don’t worry. There is a way you can restore your computer and all of your files… Send the link below to other people, if two or more people will install the file and pay, we will decrypt your files for free.

What is most interesting ? That the malware developers claim to be a group of “computer science students from Syria” who will use the ransom for “food, medicine, and shelter for Syrians impacted by war.” In the twisted message (below) they also apologize for forcing the victim to pay:

The note demands 1 bitcoin (approximately $800.00 USD) and gives the victim a limited number of times they can input a decryption key. While we don’t know how effective the strategy will be to make money or finding new targets, it does highlight that there will always be someone out there ready to steal your data in new, awful ways.