A ransomware gang has been offering victims a way out: Free decryption in return for infecting two of their friends.
The ransomware, known as Popcorn Time, is extremely popular and encrypts large portions of a computer user’s data when it infects their computer. Often the infection usually follows a phishing attack, in which a victim is targeted with an email loaded with the virus. Criminal gangs then extort victims into giving them money in return for decrypting and freeing their computer.
The blackmail and extortion are usually a straightforward transaction between victim and fraudster, however researchers at MalwareHunterTeam discovered the new and devious strategy to double their money and infect more people.
This particular version of the Popcorn Time malware offers two means for users to restore access to their files. The first is by paying 1 bitcoin, around $770, to decrypt—what it calls “the fast and easy way.” The second is described as “the nasty way,” but it’s free, if you’re willing to drop your friends in it. They’ll release your system when you forward the ransomware to two other people—who must both pay up before your own “ransom” is covered.
The development reflects a new way of extorting money by criminals, who continually become more creative in their attempts to get paid.
Strangely, according to screenshots and a comprehensive technical breakdown of the malware at BleepingComputer, this gang claims to be a group of computer scientists from Syria who insist the ransom funds go to providing food and shelter in the civil war-torn country. Whether this is true or not is yet to be confirmed, but the new strain of malware certainly tests its victims.
H/T the Register