FedEx Will Pay You $5 to Install Flash on Your Machine
We certainly hope that FedEx shows more concern over the safety of its drivers and pilots than it shows to customers wanting to order printing online.

FedEx is making you an offer you
iCub the Open Source Robot
It occurs to us that the iCub might be the perfect companion for an only child. Probably cheaper in the long run than a little brother or sister, and it can be turned off at night.

The Screening Room

Linux Action Show to End Eleven-Year Run at LFNW
Six more episodes before the popular Linux podcast, Linux Action Show, ends its nearly 11-year run in a live broadcast from LinuxFest Northwest.


Jupiter Broadcasting's long-running
No, Evil Hackers Aren't After You
Humankind has outgrown the need to have monsters hiding under our beds. Now we let them hide in our phones, computers and microwave ovens.

Roblimo's Hideaway

OMG! I think I see a giant camera lens on
Four Things a New Linux User Should Know
When you move from "that other operating system" to Linux, you're going to find that in most ways you'll be in familiar territory. However, that's not always the case. We sometimes do things a little differently
Should the U.S. Army Have Its Own Open Source License?
Should the U.S. armed forces begin releasing software under an OSI approved open source license rather than as public domain?

Roblimo's Hideaway

This question has generated many pixels'
GitHub CEO Chris Wanstrath on Open Source
Did you know that the software Stephen Hawking uses to speak is open source and that it's available on GitHub? Neither did we.

The Screening Room

At the Computer History museum, GitHub CEO Chris
December 14th, 2016

‘Refer a Friend’ Ransomware Program

A new, under development ransomware called Popcorn Time has a “refer a friend” option meant to appeal to the victim’s worst instincts.

Popcorn Time lock screen

All graphics in this article are courtesy Bleeping Computer, LLC. Used with permission.


If you need any proof that malware is a business much like any other — with the big exception that it’s illegal — all you have to do is look at the latest ploy being used by the currently-in-development ransomware called Popcorn Time that was discovered December 7 by MalwareHunterTeam. The folks behind the malware are incorporating a scheme to drum up business that’s directly from a Marketing 101 textbook.

If Popcorn Time grabs a computer and encrypts it’s files, the hapless victim is offered two choices to get the data returned to its pristine state. One is the traditional method — the authors of the malware call it “the fast and easy way” — of paying a ransom of a Bitcoin, which is about $773 at the current rate. If the price is too steep for the victim’s pocketbook, there’s another option that the malware authors call “the nasty way,” which is a new twist on the tried and true “refer a friend” promotions that have been used by legitimate businesses forever.

“Send the link below to other people,” the malware instructs. “If two or more people will install this file and pay, we will decrypt your files for free.”

Popcorn Time refer a friend

Voila! You are now a botnet, manually sending emails containing a malicious payload to everyone who trusts you.

The link points to a file located on a Tor server, but according to Lawrence Abrams at Bleeping Computer, the site is currently offline, so it remains to be determined what method the file uses to trick users into installing it.

Victims should think twice about searching around on the Internet to try potential unlock codes. Again according to Abrams, the source code “indicates that the developer may add a function that deletes a victim’s files if you enter the wrong decrypt code four times.”

The current lock screen (shown at the top of this article) doesn’t indicate this function, but I expect that if the feature is implemented it will, as that would offer another incentive for the victim to either cough up a Bitcoin or start throwing friends under the bus.

Popcorn Time ransom note

Click to enlarge.

Once Popcorn Time is “officially” released, it will be interesting to see how well this malicious affiliate marketing scheme pays off for the black hats behind it. My guess is that at first it will. The “refer a friend” enticement might have a short life, however. Everyday computer users just trying to get their data back won’t be good at covering their tracks, and knowingly sending malware is a crime in most jurisdictions. After a couple of publicized arrests, the option will lose its appeal.

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

1 comment to ‘Refer a Friend’ Ransomware Program