Popcorn Time ransomware wants you to hack your friends

Ransomware offers decryption tool if you phish others

Hackers are using a new tactic to spread ransomware by getting victims to do the dirty work of infection themselves.

Criminals behind a ransomware variant known as "Popcorn Time" (which is completely unrelated to a video streaming Bittorent client of the same name) have told victims they can avoid having to pay a one bitcoin ransomware if they agreed to infect two other users.

The ransomware was discovered by researchers at MalwareHunterTeam. According to Bleeping Computer, if a victim incorrectly enters the wrong decryption code in four times, their data gets deleted completely.

The malware targets files found in My Documents, My Pictures, My Music and on the desktop. They are then scrambled using AES-256 encryption and labelled with a .filock extension. The authors of the malware claim the money will be used to provide food and shelter for refugees in Syria.

Victims that choose to infect others are given a "referral" URL which they then must send on to two other unsuspecting victims. Should those links get used to infect other systems, the initial victim gets a free decryption key. The URL points to the ransomware's Tor server.

The malware is very much a work in progress, Bleeping Computer reports. Users have been warned to not click on links they don't recognise, even if they come from people they know. Userss should also have backups of data stored on a separate drive should they fall victim to such malware.

A recent report from Kaspersky suggests ransomware attacks have significantly increase over the last 12 months from one every two minutes to one every 40 seconds for businesses, while for individuals the rate increased from every 20 seconds to every 10 seconds. SMBs were hardest hit, with 42% of them falling victim to a ransomware attack over the past 12 months.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021