New Popcorn Time Malware Offers To Decrypt For Free – With A Twist

By Information Security Buzz Editorial Staff
Chief Editor, Information Security Buzz | Dec 15, 2016 04:16 am PST

A new strain of ransomware, dubbed “Popcorn Time”, has been reported that gives its victims a twist on the usual ransom demand. Instead of paying to have their files decrypted, they are given the option to pass the malware on to others, and if 2 or more people become infected and pay the ransom, the files of the original victim will be decrypted for free. Paul Calatayud, CTO at FireMon, commented below.

Paul Calatayud, CTO at FireMon:

“This is a very, very clever business model being deployed to help fund a cyber attack campaign.

First, it takes advantage of phishing techniques by using trained sources, in this case the friends that were infected, and uses that trust as an approach to spread their malware. Think of it like a pyramid scheme, where someone eventually has to pay for all of this great product!

In regards to charityware, I find this claim hard to believe and more importantly difficult to validate. It attempts to make the buyer feel okay about giving the attacks any money, leaving the victim with the thought that at least it’s going to charity.

Even real legitimate charities often find themselves in the spotlight for situations regarding just what percentage of their donations actually reach the cause they are promoting. One should question any situation where an illegal activity such as a cyber attack has any ethical players involved.

With regards to innovation in ransomware, I would say it’s not a highly innovated attack vector. It’s rather simple to launch ransomware attacks and unlike other attacks, it’s all about being able to monetise the outcome. Most attacks are multi-pronged in that they not only have to infect the machine but extract data and then exchange that data on black markets in order to obtain the end result of money.

Ransomware is a far more simple approach since success is determined by infection and money is obtained in the form of payments for decryption keys. The innovation used to get folks to infect their machines would be similar to techniques used in other cyber attacks.”