Victim or Accomplice: New Ransomware Offers Ability to Spread Infections

Media Division | December 21, 2016

The efforts of cyber criminals to extort and exploit individuals and organizations continue to become increasingly ruthless every single day.  Morality often times plays no role within the tactics that they will use.  And unfortunately, their development and innovation in the use of ransomware for extortion has become much more adept.  Such is the case with a new type of ransomware that has been discovered within the deep web that takes the racket to a whole new level.

This new variant is called Popcorn Time, and it furthers the general extortion by requiring the victims to spread the infection, whereas usual ransomware requires only payment to be decrypted.  The Popcorn Time infected machine will display a prompt offering decryption of the individual’s or organization’s files in trade for their helping to spread the infection.  This is done by the victim sending links to two other people whose computers are then infected, and if they pay the ransom, the original victim will then receive the decryption key.  While Popcorn Time does have the general option of paying the ransom in trade for the decryption key, this presented alternative option is a new innovation in the realm of ransomware.

Turning Victims into Accomplices

A large feasible threat with regard to this new ransomware is the possible use for vindictive ends.  Meaning, if an individual was infected, they could use it to their benefit by infecting two others whom they have a grudge with or their competitors, as well as get their own system decrypted.  A blatant downfall of this being that their malicious intent and action can turn them into accomplices of the cyber criminals.  Infecting someone else’s machine is almost globally considered a criminal act, and can have repercussions that far outweigh the cost of a ransomware decryption key.  Hence, why this new strain of ransomware can be potentially disastrous for many involved who feel they have no other options.  Popcorn Time is highly skewed toward benefitting the cyber criminal creator being that much of the risk ends up being placed upon the victim, while they continue to reap the rewards of any potential spread.  The risk for the victim being that they could involve themselves in a criminal act, lose money, or lose valuable data.

Hiding Behind the Nobility of Charity

Another aspect of Popcorn Time is the way in which the ransomware note is written.  It attempts to tug on the emotional heartstrings of the victim in an attempt to obtain sympathy.  This is done by stating that the source of the ransomware is computer science students in Syria who are attempting to aid their people that have been affected by the war.  Whether this is fact or fiction cannot be truly established due to there being no paper trail, but it is unlikely.  While it intrigued researchers, they say it is unlikely to be more than a way to obtain more money.  Unfortunately, this type of tactic has been used before as a way to push the buttons of those affected into paying for the decryption key.  While there are many who will not believe this ploy, those who do find truth in the facade will be more likely to pay the criminal.  Looking at the fact that it takes considerable time and effort to create and insert ransomware, the general common purpose behind doing so is solely for profit.

While the concept of assisting those in need may hit home with some and cause them to pay, it is most likely going straight into the pockets of cyber criminals.  It no longer becomes a donation when you are being forced into it.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.