According to security researchers and reported by The Guardian, a new ransomware variant has been discovered using an innovative system to increase infections: the software turns victims into attackers by offering a pyramid scheme-style discount.
Users that are infected with the Popcorn Time malware (named after, but unrelated to, the bittorrent client) is offered the ability to unlock their files for a cash payment, usually in the form of bitcoin.
But they also have a second option, described by the developers as “the nasty way”: passing on a link to the malware. “If two or more people install this file and pay, we will decrypt your files for free.”
The affiliate marketing scheme was discovered by security researchers MalwareHunterTeam. For now, it’s only in development, but if the software gets a full release, its innovative distribution method could lead to it rapidly becoming one of the more widespread variants of this type of malware.
Like most ransomware, Popcorn Time, encrypts the key files on the hard drive of infected users, and promises the decryption key only to those users who pay up (or infect others), but the code also indicates a second twist: the ransomware may delete the encryption key entirely if the wrong code is entered four times. The in-development software doesn’t actually contain the code to delete the files – it contains references to where that code would be added.
Advice varies as to what users who are infected with ransomware should do. Most law enforcement organizations recommend against paying the ransoms noting that it funds further criminal activities and that there is no guarantee the files will be recovered anyway (some malware attempts to look like ransomware, but simply deletes the files outright).
Many security researchers recommend similarly, but some argue that it should not be on the individual victim to sacrifice their own files for the sake of fighting crime at large. Some ransomware has even been “cracked” thanks to the coders making a variety of mistakes in how they encrypt the hard drive. Petya and Telecrypt are two types of malware that have been so defeated.
As a managed IT services company, we see and clean infections of all varieties. Ransomware has just become the most notorious of infection since it generates the most money for those distributing it. We ensure that our managed IT clients always have their system backed up and that permissions are set such that the infection can not spread quickly or easily around the network infecting other computers. Recovering from a crypto or ransomware attack can be a headache, especially if you do not have a current back up of your data. If your data is backed up, however, it’s a simple matter of removing the virus and restoring your data from the most current back up.
Malware of all kinds is always changing and evolving, which is why utilizing computer security and keeping your system up to date is very important. If your interested in making sure your business and data is safe, contact us today so we can work with you to secure your devices.