Experiencing a Breach?

Popcorn Time: Would You Infect Others To Avoid Paying A Ransom?

Would you infect other businesses with ransomware to keep from paying a ransom yourself?

This is a dilemma that was created by a new form of ransomware called Popcorn Time (not to be confused with the streaming movie service). This ransomware, which was found on the Dark Web and is still under development, adds a new method of extorting money from people.

With Popcorn Time, you have the typical option of paying one Bitcoin (around $1,000) ransom or you can use the referral link provided on their ransom demand to infect other businesses. The Popcorn Time ransom note states, “We are sorry to say that your computer and your files have been encrypted, but wait, don’t worry. There is a way you can restore your computer and all of your files… Send the link below to other people, if two or more people will install the file and pay, we will decrypt your files for free.”

In this scenario, if additional businesses become infected with Popcorn Time using your emailed referral link, and two of them pay the ransom, you can get a key to unlock your files for free.

There are currently over 500 file types that will be targeted with AES-256 encryption if a machine becomes infected. Once encrypted, the files will have the .filock extension and the victim will have a week to find two other victims that will pay or they can pay the ransom themselves.

Victims will have up to four chances to enter a decryption key. After four incorrect chances, the ransomware will begin deleting their files.

Another interesting twist from the Popcorn Time ransom demand is that the developers of the ransomware are claiming to be “a group of computer science students from Syria.” According to the message, any money collected will go toward medicine, food, and shelters for people that have been affected by war in Syria.

From the Popcorn Time ransom demand:

“Be perfectly sure that the money we get goes toward food, medicine and shelter to our people. We are extremely sorry we are forcing you to pay but that’s the only way we can go on living.”

It’s unknown if this is actually true or just another ploy to get people to pay the ransom.

Steering Clear Of Ransomware

Here are a few tips to help you steer clear of Popcorn Time and other types of ransomware:

  1. Backup your files to cloud: Using a cloud backup service is a good way to keep your files safe. If you need to keep your files local, the backup device must stay disconnected (except when backing up) to prevent infection.
  2. Stay informed: Regularly train (and retrain) your employees to watch out for suspicious emails, and to avoid clicking on links they are not expecting without verifying with the sender.
  3. Stay up-to-date with patches: Keep servers and workstations up-to-date with security patches.
  4. Block malware: Use advanced endpoint security protection (like SentinelOne) to block malware from getting onto your network.
  5. Disconnect after an infection: If an infection does occur, disconnect the machine as soon as possible to prevent further infection until the computer can be restored.

Whether it’s Popcorn Time or some other type of malware, it’s important to have the right tools to protect your network. Learn more about how cyber threats are growing in diversity and sophistication and what you can do to protect your network with our whitepaper “Replacing Antivirus and Doing it Right: A CISO Perspective”.