Ransomware on its own is evil enough, but now hackers have found a way of potentially doubling their cash return through a single infection: by offering to unlock encrypted files if the user is willing to infect two friends with it.
That’s evil on a whole new level. Hilarious, but evil.
This new strain is called Popcorn Time, and is unrelated to the illegal movie-streaming service of the same name. Once it’s infected a user’s machine, it asks them for payment of one bitcoin before it unlocks anything, which is standard practice for any ransomware. A single infection, then, is worth approximately $780 – the current bitcoin value. In rand terms, that’s R10 678 at today’s exchange rate.
Infected users have little option but to pay, or face losing their data entirely, as the encryption used is AES-256. There are currently no ways of defeating it without the encryption key, or access to a datacentre that uses quantum processors and a team of encryption experts. Even then, there’s only a slim chance of getting your files back.
Which is why Popcorn Time’s alternative to bitcoin payment is so clever. By selling two friends down the river by sending them the ransomware, a user stands a chance of having their systems unlocked for free, and the hacker stands a chance of doubling their profit from a single infection.
There is a snag, though – success depends on both friends paying up. It’s unclear what happens should both parties decide to sell out two of their friends (and those friends do the same, ad infinitum), though – perhaps the whole thing turns into a pyramid scheme of epically evil proportions. But more likely, the friends who are implicated are directed to a different set of messages from the hacker which do not offer the same get-your-files-back-for-free option as the original infectee.
Still, it’s interesting (from a purely technical perspective) to watch ransomware evolving like this.
To avoid ever falling victim to such scams, we highly recommend never visiting unofficial web stores or side-loading dodgy apps onto your PC, always ensure your security software is up to date and pay attention to browser warnings about potentially dodgy websites. Also, never, under any circumstances, should you run executables that arrive by email. That’s just folly.
Follow these tips, and you won’t have to infect friends with R20k’s worth of ransomware just to get your files back.
[Image – CC By 2.0]