Reg comments77

Ransomware scum offer free decryption if you infect two mates

Friends don't infect friends with ransomware ... until it saves them $770

Ransomware scum are suggesting that victims infect their friends instead of paying for decryption keys.

The ransomware variant "Popcorn Time", unrelated to the popular Bittorrent client by the same name, first tells users they have a week in which to pay one bitcoin (US$770) in order to have their files decrypted.

The menace, spotted by the MalwareHunter group, also offers victims the chance to infect two other users to avoid payment.

Friends are confirmed as having been infected using a referral link and must both pay the ransom for the first victim to receive their decryption key for free.

Users who insert the wrong decryption key may see their data deleted on the fourth incorrect attempt.

Ransomware authors claim the ransom will be used to pay for food and shelter in Syria.

Bleeping Computer scribe Lawrence Abrams says that the ransomware is not yet the finished article.

"When the infection has finished encrypting a computer it will convert two base64 strings and save them as ransom notes called restore_your_files.html and restore_your_files.txt. It will then automatically display the HTML ransom note," Abrams says.

Ransomware decryption efforts are largely unified under the NoMoreRansom Alliance.

Before the alliance formed, ransomware-wrecking was a scattered and silo-ed activity, but furious efforts by malware researchers to have de-fanged scores of ransomware variants.

Only a handful of ransomware attacks have sufficiently tight encryption implementations to have resisted white hat hacking efforts.

Criminals can net a conservative US$84,000 a month slinging ransomware for an investment of US$6,000, a whopping 1,425 per cent profit margin, Trustwave found last year. ®

Sign up to our Newsletter

Get IT in your inbox daily

Biting the hand that feeds IT © 1998–2017