Popcorn Time ransomware: Infect your friends, get decryption keys

Think ransomware is already vicious and cruel? A new variant raise the ante on nasty.

Ransomware is growing at an alarming rate. From your basic file encryption to entire hard drive encryption, coders of this malware are getting more creative as time goes on. Up until this point, however, the only moral quandary presented to ransomware victims was deciding to pay the hackers or not. Now, it seems that the black hats are upping the stakes. What if I told you that there is a new strain of ransomware that allows you to decrypt your files for free? The only catch is that you must infect others to obtain the decryption key.

Discovered by researchers at Malware Hunter Team, and analyzed by Lawrence Abrams of bleepingcomputer.com, the ransomware Popcorn Time (no relation to the similarly named app) gives users this option. While the ransomware’s code indicates it is not complete, there is enough on the Dark Web to suggest that it is close to being deployed in the wild.

Those that are infected with Popcorn Time are given the following message:

The key thing to note is there are two stipulations: 1) there is a quantity of people you need to infect, and 2) all subsequent victims must pay. It is the perfect bait and switch, because the sequence of events must be perfect in order for the original victim to gain their decryption key. Another caveat is that, should you actually gain access to the decryption key, after a number of failed attempts (easy to do with the length of keys), the ransomware will re-encrypt your files.

The actual ransomware utilizes AES-256 encryption and targets over 500 different file types. The coders of the malware, in a real scumbag move, claim that they are using the money stolen through ransom to help Syrian war victims. If you actually believe this, I truly feel sorry for you, as this is just an example of criminals attempting to capitalize on a human rights crisis.

This appears to be the first time a ransomware has given users the choice of engaging in an illegal act to save their encrypted data. The efficacy of Popcorn Time, or similar ransomware in the future, is not yet tested so it is difficult to quantify. As Lawrence Abrams stated in an interview with the Kaspersky Lab blog Threatpost, “Will most people choose to break the law and try to infect other people? I guess not. But there is certainly a percentage of nasty people with low morals that will likely try it.”

Whether or not this prediction comes to pass, it is important to note that infecting others with ransomware to save your data is just as illegal as the original attack.

And the question you must answer is, “Would you do it?”

Photo credit: Lawrence Abrams, Logicaldisaster

About The Author

1 thought on “Popcorn Time ransomware: Infect your friends, get decryption keys”

  1. I absolutely would not agree to this, I guess that if I had to choose I would simply ignore the hacker. Then I would remove the ransomware with MalwareFox and I would get my files back either with a data restore application or a decryptor. I know that chances are slim to get our files back after we’ve been infected, but it is worth a try. I absolutely refuse to help these hackers by giving them money to get my files back. Even if they were to do it for a good purpose, there are better ways to earn money, right?

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top