A Nasty New Twist In Ransomware: To Decrypt Your Files Without Paying, Spread The Infection To Others
from the putting-the-mal-in-malware dept
Techdirt first wrote about ransomware back in 2010. Even then, we noted it was nothing new, but that a further twist on the idea had appeared. Well, here we are, nearly in 2017, and ransomware is still with us -- so much for tech progress -- and new twists are still appearing, as the Guardian reported recently:Any user who finds themselves infected with the Popcorn Time malware (named after, but unrelated to, the bittorrent client) is offered the ability to unlock their files for a cash payment, usually one bitcoin ($772.67/£613.20).This really puts the "mal" in "malware," since it makes a naked appeal to a victim's worst nature. A post on the site BleepingComputer.com offers more details of what seems to be a "work" in progress, including a screenshot of the ransom note, which contains the following information about those who claim to be behind this:
But they also have a second option, described by the developers as "the nasty way": passing on a link to the malware. "If two or more people install this file and pay, we will decrypt your files for free".
We are a group of computer science students from Syria, as you probably know Syria is having bad time for the last 5 years. Since 2011 we have more than half million people died and over 5 million refugees. Each part of our team has lost a dear member from his family. I personally have lost both my parents and my little sister in 2015. The sad part of this war is that all the parts keep fighting but eventually we the poor and simple people suffer and watching our family and friends die each day. The world remained silent and no one helping us so we decided to take an action.Well, maybe. But given the ruthlessness of the coders in offering a "nasty way" out of their threats, perhaps this is just another shrewd attempt to manipulate the ransomware victims -- one that is cynically exploiting the very real Syrian tragedy that is unfolding before our eyes.
Be perfectly sure that all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living.
Until now, malware has been a simple arms race between the authors of harmful code, and the companies making anti-virus products that try to spot the code before it can infect a user's system. The new Popcorn Time ransomware adds a new dimension, and seeks to make the victim an active and complicit vector of infection.
This opens up all kinds of possibilities. For example, we might see ransomware that starts to offer bonuses according to the number of people you infect. You can always claim it was the malware, not you, that sent the program, and nobody will know about your Bitcoin payments. Maybe inventive Techdirt readers can come up with a few more "nasty" ideas that build on this latest twist in ransomware coding.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: infection, popcorn time, ransomware
Reader Comments
The First Word
“and a few more ...
and a few more ...
Well done, now you're a victim of old-school blackmail victim
Subscribe: RSS
View by: Time | Thread
They obviously haven't been listening hard enough. The people demonising Syrian refugees and actively blocking aid just in case one of them might be a terrorist certainly haven't been silent. It would be nice if they could target the malware just to the people who were doing that.
"The new Popcorn Time ransomware adds a new dimension, and seeks to make the victim an active and complicit vector of infection."
Well, they always have been in a sense, it's just that this is the first time I'm aware of it not being dependent on the ignorance of the victim.
[ link to this | view in chronology ]
Re:
Indeed, if nobody ever paid this type of attack (along with many other e-annoyances) would be dead in the cradle.
People really need to backup important stuff elsewhere so they can format their machines with peace of mind. HDDs are not that expensive nowadays.
[ link to this | view in chronology ]
and a few more ...
and a few more ...
Well done, now you're a victim of old-school blackmail victim
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Disclaimer: in case the NSA (and other -un-intelligence agencies) or law enforcement are reading this it is a joke.
M.I.B. is knowledge.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
So are the Russian love scams, Microsoft tech support coming from India, and the Nigerian 419 letters.
[ link to this | view in chronology ]
Start offering achievements for infecting certain targets and on the number to people you infect. Offer free (pirated) productivity software after acheiving a certain number of confirmed infections. Create a leaderboard for top infectors. Offer Microtransactions to increase the amount of time you have to infect people or decrypt single files. Have a target of the week that scores massive points.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Oh sure, this is over the line. But everyone was totally cool with the fraking "ice bucket challenge." Make up your minds!
[ link to this | view in chronology ]
Re:
You are comparing a voluntary action challenge which harmed no-one and helped charities with a vicious manipulative piece of harmful software?
[ link to this | view in chronology ]
Still, this is pretty bad. I mean if one of my friends was dumb enough to infect me over re-imagine or restoring to a snapshot, we wouldn't be friends for much longer!!!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Amway, is that you?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
"Well, here we are, nearly in 2017, and ransomware is still with us -- so much for tech progress --"
Uh-oh... sounds like an implied "nerd harder"...
[ link to this | view in chronology ]
Re:
But they have nerded harder. There has been much tech progress in the ransonware game.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
This leads to a steady flow of income for the malware providers whilst having to do virtually nothing to spread the vector. Pretty diabolical - someone knows their game theory.
Expect Prenda to jump on the bandwagon anytime soon...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I personally have lost both my parents and my little sister in 2015.
[ link to this | view in chronology ]
Makes one wonder
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So what of that safepay stuff?
[ link to this | view in chronology ]