A buggy example of ransomware recently analysed by security firm Sophos may show warning signs of things to come.
We’ve recently discussed how ransomware has become such a big “business” that distributors actually have to worry about things like customer service and satisfaction.
And now ransomware distributors may be launching their own “referral programs” where victims of an infection may be able to get their files unlocked for free by “referring” (and by that, we mean infecting) two other people who are then willing to pay up.
If you don’t know what ransomware is or does, then firstly, where have you been? Secondly, you can learn all you need to know through this link that tells you all you need to know about ransomware.
In the case analysed by Sophos, the ransomware was called “Popcorn Time”. Sophos note that it hasn’t been seen in the wild yet, which may be down to it containing a number of bugs that prevented it from working smoothly.
However, Sophos found that after the ransomware infected your files stored in MyDocuments, MyPictures etc. and inevitably asked for a ransom to decrypt them (1 Bitcoin,) another pop-up presented itself called “Restoring your files – The nasty way”
The message went on to say –
Send the link https://REMOVED below to other people, if two or more people will install this file and pay, we will decrypt your files for free.
This is the first case that we’re aware of where the criminals may unlock your files when you infect other people with the same ransomware.
Of course, we don’t actually know if the ransomware criminals (who purport to be from Syria and are raising money for charitable causes…) would actually honour this dubious agreement.
Either way, Popcorn Time isn’t in the wild, and Sophos managed to unlock their files for free, without paying or infecting other computers, due to the malware being a tad flawed.
But it may be a worrying sign of things to come. We don’t know what “Popcorn Time 2” will look like or whether other more experienced ransomware developers will incorporate this marketing stunt in their own versions.
If it does become popular in the wild, we cannot stress this enough – DO NOT think about referring (infecting) other people yourself. It’s illegal, and you may find yourself sharing a cell with those who develop this nasty malware.
You can read the full write-up from Sophos here.