Friends don’t infect friends with ransomware … until it saves them $770
Ransomware scum are suggesting that victims infect their friends instead of paying for decryption keys.
Thre ransomware variant “Popcorn Time”, unrelated to the popular Bittorrent client by the same name, first tells users they have a week in which to pay one one bitcoin (US$770) in order to have their files decryoted.
The menace, spotted by the MalwareHunter group, also offers victims the chance to infect two other users to avoid payment.
Friends are confirmed as having been infected using a referral link and must both pay the ransom for the first victim to receive their decryption key for free.
Users who insert the wrong decryption key may see their data deleted on the fourth incorrect attempt.
Ransomware authors claim the ransom will be used to pay for food and shelter in Syria.
Bleeping Computer scribe Lawerence Abrams says that the ransomware is not yet the finished article.
“When the infection has finished encrypting a computer it will convert two base64 strings and save them as ransom notes called restore_your_files.html and restore_your_files.txt.
It will then automatically display the HTML ransom note,” Abrams says.
Ransomware decryption efforts are largely unified under the NoMoreRansom Alliance.
Before the alliance formed, ransomware-wrecking was a scattered and silo-ed, but furious efforts by malware researchers to have de-fanged scores of ransomware variants.
Only a handful of ransomware attacks have sufficiently tight encryption implementations to have resisted white hat hacking efforts.
Criminals can net a conservative US$84,000 a month slinging ransomware for an investment of US$6000, a whopping 1425 per cent profit margin, trustwave found last year. ®
Sponsored: Customer Identity and Access Management