A Nasty New Twist In Ransomware: To Decrypt Your Files Without Paying, Spread The Infection To Others

from the putting-the-mal-in-malware dept

Techdirt first wrote about ransomware back in 2010. Even then, we noted it was nothing new, but that a further twist on the idea had appeared. Well, here we are, nearly in 2017, and ransomware is still with us -- so much for tech progress -- and new twists are still appearing, as the Guardian reported recently:

    Any user who finds themselves infected with the Popcorn Time malware (named after, but unrelated to, the bittorrent client) is offered the ability to unlock their files for a cash payment, usually one bitcoin ($772.67/£613.20).

    But they also have a second option, described by the developers as "the nasty way": passing on a link to the malware. "If two or more people install this file and pay, we will decrypt your files for free".

This really puts the "mal" in "malware," since it makes a naked appeal to a victim's worst nature. A post on the site BleepingComputer.com offers more details of what seems to be a "work" in progress, including a screenshot of the ransom note, which contains the following information about those who claim to be behind this:

    We are a group of computer science students from Syria, as you probably know Syria is having bad time for the last 5 years. Since 2011 we have more than half million people died and over 5 million refugees. Each part of our team has lost a dear member from his family. I personally have lost both my parents and my little sister in 2015. The sad part of this war is that all the parts keep fighting but eventually we the poor and simple people suffer and watching our family and friends die each day. The world remained silent and no one helping us so we decided to take an action.

    Be perfectly sure that all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living.

Well, maybe. But given the ruthlessness of the coders in offering a "nasty way" out of their threats, perhaps this is just another shrewd attempt to manipulate the ransomware victims -- one that is cynically exploiting the very real Syrian tragedy that is unfolding before our eyes.

Until now, malware has been a simple arms race between the authors of harmful code, and the companies making anti-virus products that try to spot the code before it can infect a user's system. The new Popcorn Time ransomware adds a new dimension, and seeks to make the victim an active and complicit vector of infection.

This opens up all kinds of possibilities. For example, we might see ransomware that starts to offer bonuses according to the number of people you infect. You can always claim it was the malware, not you, that sent the program, and nobody will know about your Bitcoin payments. Maybe inventive Techdirt readers can come up with a few more "nasty" ideas that build on this latest twist in ransomware coding.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

  • PaulT, 14 Dec 2016 @ 4:09am

    "The world remained silent and no one helping us so we decided to take an action."

    They obviously haven't been listening hard enough. The people demonising Syrian refugees and actively blocking aid just in case one of them might be a terrorist certainly haven't been silent. It would be nice if they could target the malware just to the people who were doing that.

    "The new Popcorn Time ransomware adds a new dimension, and seeks to make the victim an active and complicit vector of infection."

    Well, they always have been in a sense, it's just that this is the first time I'm aware of it not being dependent on the ignorance of the victim.

    • Ninja, 14 Dec 2016 @ 4:31am

      Re:

      "Well, they always have been in a sense, it's just that this is the first time I'm aware of it not being dependent on the ignorance of the victim."

      Indeed, if nobody ever paid, this type of attack (along with many other e-annoyances) would be dead in the cradle.

      People really need to back up important stuff elsewhere so they can format their machines with peace of mind. HDDs are not that expensive nowadays.

  • An-other-onymous, 14 Dec 2016 @ 4:14am

    But now it's 2 bitcoins not to expose you.


    and a few more ...

    and a few more ...


    Well done, now you're a victim of old-school blackmail

    • Anonymous Coward, 14 Dec 2016 @ 5:37am

      Re:

      Exactly. Somehow those two you willingly infected, they were not really sure that those were because of you. So now you gotta infect two more. Or have them send along personally identifying details...like their complete credit card information.

  • Ninja, 14 Dec 2016 @ 4:28am

    Please let some person more enlightened than me make one of those that gives bonuses to each corrupt politician killed. Though that wouldn't be nasty at all :D

    Disclaimer: in case the NSA (and other -un-intelligence agencies) or law enforcement are reading this it is a joke.

    M.I.B. is knowledge.

  • Anonymous Coward, 14 Dec 2016 @ 4:35am

    "We are extremely sorry that we are forcing you to pay"

    So are the Russian love scams, Microsoft tech support coming from India, and the Nigerian 419 letters.

  • Anonymous Coward, 14 Dec 2016 @ 4:39am

    Gamify the malware!

    Start offering achievements for infecting certain targets and on the number of people you infect. Offer free (pirated) productivity software after achieving a certain number of confirmed infections. Create a leaderboard for top infectors. Offer Microtransactions to increase the amount of time you have to infect people or decrypt single files. Have a target of the week that scores massive points.

  • Jeremy Lyman, 14 Dec 2016 @ 5:05am

    Oh sure, this is over the line. But everyone was totally cool with the fraking "ice bucket challenge." Make up your minds!

    • Frozen Njal, 15 Dec 2016 @ 3:50am

      Re:

      WTF?

      You are comparing a voluntary action challenge which harmed no-one and helped charities with a vicious manipulative piece of harmful software?

  • Hamid, 14 Dec 2016 @ 6:19am

    I've been pretty lucky, been able to restore my system from a Ransomware/Cryptolocker infection pretty quickly with my recovery tools (Malwarebytes, RollBack Rx, Drive Cloner, etc).

    Still, this is pretty bad. I mean if one of my friends was dumb enough to infect me over re-imaging or restoring to a snapshot, we wouldn't be friends for much longer!!!

    • Anonymous Coward, 14 Dec 2016 @ 7:29am

      Re:

      If one of my "friends" did this to me, we already wouldn't be friends. This would just be them declaring that fact. I would pursue all avenues, including a civil lawsuit and criminal charges, in making them pay for such a decision.

  • I.T. Guy, 14 Dec 2016 @ 7:07am

    Hell. I have a boat load of old computers. A few dozen email accounts. Maybe I can get the "hackers" to pay me to infect my own machines. $772 for 2 machines. Sign me up.

  • Vidiot, 14 Dec 2016 @ 8:28am

    "Well, here we are, nearly in 2017, and ransomware is still with us -- so much for tech progress --"

    Uh-oh... sounds like an implied "nerd harder"...

  • Anonymous Coward, 14 Dec 2016 @ 10:56am

    So Ransomware has now become a Multi-Level Marketing scheme? Next they will have titles for how many people you infect.

  • Anonymous Coward, 14 Dec 2016 @ 11:47am

    This is great! So now we can simply send invite to two dummy email accounts, then load up VM for installation, and we get unlocked for free? Excellent.

    • Frozen Njal, 15 Dec 2016 @ 3:53am

      Re:

      No, because those accounts must pay. They obviously thought this through. Also, remember, those infected accounts may opt to infect others instead of paying, so on average you may have to infect more yourself. You'd better hope you have rich/desperate 'friends'!

      This leads to a steady flow of income for the malware providers whilst having to do virtually nothing to spread the vector. Pretty diabolical - someone knows their game theory.

      Expect Prenda to jump on the bandwagon anytime soon...

  • MikeW, 14 Dec 2016 @ 11:55am

    Before I got the pay bit, I was thinking that you could set up a computer or two to serve as malware/virus sinks that would satisfy the "send to two others" requirement without actually ruining your friend's computer.

  • Anonymous Coward, 14 Dec 2016 @ 12:36pm

    I personally have lost both my parents and my little sister in 2015.

    Too bad they didn't get you too.

  • Spaceman Spiff, 14 Dec 2016 @ 4:47pm

    Makes one wonder

    One has to wonder what other malware will be left hidden behind afterwards.

  • Anonymous Coward, 16 Dec 2016 @ 12:11am

    Goddammit Samara, who uploaded that VHS to the Internet?

  • Job, 17 Dec 2016 @ 9:58pm

    So what of that safepay stuff?

    Well, it was ugly what made the guilt alarm go off. Is it that? Guilt over what made the safepay scam popup? I have no idea how law enforcement succeeds to ignore it or leave it up to the victim. And who is considered a victim here? Or are there two? I assume that some paid and some didn't. I can maybe assume that there is a consensus over the material connected, maybe it would be worth paying if the goal would be to keep it off the net so prevent other negative impact of exposure. But that's maybe naive.
