In the Depths of the Cloud, Open Source and Proprietary Leviathans Fight to the Death
Jono Bacon Asked Google Home ‘Who Founded Linux?’ You Won’t Believe What Happened Next!
Red Hat's Women in Open Source Award Winners, 2017
Imagine an Android Phone Without Linux Inside
Linus Torvalds Talks to Debian Users
Mozilla Relents, Thunderbird Can Stay
Heed the Prophet Stallman, oh Software Sinners!
December 14th, 2016

‘Refer a Friend’ Ransomware Program

A new, under development ransomware called Popcorn Time has a “refer a friend” option meant to appeal to the victim’s worst instincts.

Popcorn Time lock screen

All graphics in this article are courtesy Bleeping Computer, LLC. Used with permission.

Security

If you need any proof that malware is a business much like any other — with the big exception that it’s illegal — all you have to do is look at the latest ploy being used by the currently-in-development ransomware called Popcorn Time that was discovered December 7 by MalwareHunterTeam. The folks behind the malware are incorporating a scheme to drum up business that’s directly from a Marketing 101 textbook.

If Popcorn Time grabs a computer and encrypts it’s files, the hapless victim is offered two choices to get the data returned to its pristine state. One is the traditional method — the authors of the malware call it “the fast and easy way” — of paying a ransom of a Bitcoin, which is about $773 at the current rate. If the price is too steep for the victim’s pocketbook, there’s another option that the malware authors call “the nasty way,” which is a new twist on the tried and true “refer a friend” promotions that have been used by legitimate businesses forever.

“Send the link below to other people,” the malware instructs. “If two or more people will install this file and pay, we will decrypt your files for free.”

Popcorn Time refer a friend

Voila! You are now a botnet, manually sending emails containing a malicious payload to everyone who trusts you.

The link points to a file located on a Tor server, but according to Lawrence Abrams at Bleeping Computer, the site is currently offline, so it remains to be determined what method the file uses to trick users into installing it.

Victims should think twice about searching around on the Internet to try potential unlock codes. Again according to Abrams, the source code “indicates that the developer may add a function that deletes a victim’s files if you enter the wrong decrypt code four times.”

The current lock screen (shown at the top of this article) doesn’t indicate this function, but I expect that if the feature is implemented it will, as that would offer another incentive for the victim to either cough up a Bitcoin or start throwing friends under the bus.

Popcorn Time ransom note

Click to enlarge.

Once Popcorn Time is “officially” released, it will be interesting to see how well this malicious affiliate marketing scheme pays off for the black hats behind it. My guess is that at first it will. The “refer a friend” enticement might have a short life, however. Everyday computer users just trying to get their data back won’t be good at covering their tracks, and knowingly sending malware is a crime in most jurisdictions. After a couple of publicized arrests, the option will lose its appeal.

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

1 comment to ‘Refer a Friend’ Ransomware Program