New ransomware offers victims free decryption key…for a price

The latest piece of malicious code to surface online presents a major reputational risk for enterprises and individuals alike.

This particularly nasty piece of ransomware infects individuals PC, taking control of everything on it. The virus will only be lifted if you opt to infect other computers, most likely friends, family or colleagues.

Popcorn Time, as it has been called, was discovered by the MalwareHunterTeam who say it is spreading fast due to its unusual release method.

Infected computers can either pay the ‘ransom’ of one bitcoin or if they send the link to people in their mailing lists.

Then if two or more people install the ransomware and end up paying the Bitcoin fee, then the original victim will get their files released free of charge.

>See also: 6 steps to protect your company from crypto-ransomware attacks

“Popcorn Time is certainly an interesting new variant in the long line of ransomware we’ve seen emerging in recent years,” said Fraser Kyne, EMEA CTO at Bromium.

“The offer of a free decryption key for those that successfully infect two of their ‘friends’ is a particularly nasty touch, for several reasons. Firstly; the cyber criminals are playing on the trust factor, knowing that people are much more likely to open an email or attachment that comes from somebody they know.”

“However, even if both the secondary victims do fall into the trap, the likelihood of them both paying the ransom is pretty low, so the initial victim may have to spread the net far wider before they get the promised decryption key. When you do the maths on that, it’s pretty clear that Popcorn Time could spread like wildfire.”

Ransomware has become an increasing threat over the years as the number of harmful files send to email addresses has surged.

It has a particular effect on businesses as a Trend Micro report found. The research suggested that one in five companies that have paid a ransom never got any of their stolen data back.

The research also found that 44% in the UK have been infected by ransomware in the last 24 months, with 27% being hit more than once. Quite staggering figures.

The financial fallout is currently not even the worst part. As cyber breaches and ransomware invasions increasingly figure in the public eye, the reputational fallout becomes particularly damaging.

>See also: How to minimise the impact of ransomware

“For enterprises, as well as the threat of Popcorn Time locking up corporate data, there is also a huge reputational risk if it emerges that employees are spreading it to others via their work email. This is clearly a board-level concern, so CISOs should be looking at what safeguards they can put in place to prevent it” said Kyne.

He continued that employee awareness is vital and that making everyone aware of the threat and outlining the steps to take if they are infected is also crucial.

“However, with 70% of threats introduced by users, experience tells us that there will always be one who ‘didn’t get the memo’. As such, it’s important to have a safety net such as micro-virtualisation in place, to ensure that even if a user does become infected with Popcorn Time, it is restricted to an isolated environment and effectively neutralised, so there’s no need for that free decryption key.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics