A newly discovered ransomware variant uses an advanced system to increase infections: it blackmails victims into becoming attackers by offering a pyramid scheme-style discount.
A user infected with the Popcorn Time malware (named after the pirated movie streaming software, but unrelated) is offered the chance to unlock their files, but they have to pay, usually one bitcoin (equating to $772.67/£613.20).
There is, however, another option (dubbed “the nasty way” by the developers): passing on a link to the malware, with the promise that “if two or more people install this file and pay, we will decrypt your files for free.”
This affiliate marketing scheme was discovered by the security researchers MalwareHunterTeam. If the software, which is currently in development, is released, its ground-breaking distribution method could mean it spreads rapidly and becomes a widespread variant of this type of malware.
Popcorn Time, like most ransomware, encrypts key files on the infected user's hard drive and uses the promise of the decryption key as blackmail (i.e. you will only receive it if you pay them or infect others). There is a further problem: if the wrong code is entered four times, the encryption key may be deleted entirely. The in-development software does not yet contain code to delete the files, but there are references to where that code would be added.
Advice varies on what infected users should do. Most law enforcement organisations recommend not paying the ransom, noting that payment would fund further criminal activity and that there is no guarantee the files would be recovered, because some malware attempts to look like ransomware but just deletes the files.
Various security researchers recommend likewise, but some have also argued that victims shouldn’t have to sacrifice their files for the sake of fighting crime at large. Some ransomware has even been “cracked”, thanks to the coders making many mistakes in how they encrypted the hard drive. Two types of malware that have been defeated this way are Petya and Telecrypt.