CIO Today HOME LATEST NEWS NEWSLETTERS SEARCH Search
  LATEST NEWS FOR MONDAY JANUARY 23

Close Search Box
CIO Today
CIO ISSUES
New 'Nasty' Ransomware Is True Evil Genius
Posted December 13, 2016
New 'Nasty' Ransomware Is True Evil Genius
Next Story
EARLIER
Cisco Introduces Cloud-Scale Networking for Enterprises
THIS STORY
New 'Nasty' Ransomware Is True Evil Genius
Next Story
LATER
Symantec: New Year, New Threats to Cybersecurity
YOU ARE HERE:   HOME arrow CIO ISSUES arrow THIS STORY
NEWS OPS

By Alex Hern. Updated December 13, 2016 9:00AM

SHARE

ALSO SEE

A new ransomware variant has been discovered using an innovative system to increase infections: the software turns victims into attackers by offering a pyramid scheme-style discount.

Any user who finds themselves infected with the Popcorn Time malware (named after, but unrelated to, the bittorrent client) is offered the ability to unlock their files for a cash payment, usually one bitcoin ($772.67/£613.20).

But they also have a second option, described by the developers as “the nasty way”: passing on a link to the malware. “If two or more people install this file and pay, we will decrypt your files for free”.

The affiliate marketing scheme was discovered by security researchers MalwareHunterTeam. For now, it’s only in development, but if the software gets a full release, its innovative distribution method could lead to it rapidly becoming one of the more widespread variants of this type of malware.

Like most ransomware, Popcorn Time, encrypts the key files on the hard drive of infected users, and promises the decryption key only to those users who pay up (or infect others). But the code also indicates a second twist: the ransomware may delete the encryption key entirely if the wrong code is entered four times. The in-development software doesn’t actually contain the code to delete the files, but it contains references to where that code would be added.

Advice varies as to what users who are infected with ransomware should do. Most law enforcement organizations recommend against paying the ransoms, noting that it funds further criminal activities, and that there is no guarantee the files will be recovered anyway (some malware attempts to look like ransomware, but simply deletes the files outright).

Many security researchers recommend similarly, but some argue that it should not be on the individual victim to sacrifice their own files for the sake of fighting crime at large. Some ransomware has even been “cracked”, thanks to the coders making a variety of mistakes in how they encrypt the hard drive. Petya and Telecrypt are two types of malware that have been so defeated.

© 2017 Guardian Web syndicated under contract with NewsEdge/Acquire Media. All rights reserved.

Tell Us What You Think
Comment:

Name:

Hank:
Posted: 2016-12-15 @ 6:31am PT
Yeah, we use Reboot Restore Rx on our local machines at work and I'm a pretty staunch supporter of disk imaging at home so either way we're good.

MORE IN CIO ISSUES

Next Article >

NETWORK SECURITY SPOTLIGHT
This Spotlight
Is Brought to You By:

INSIDE CIO TODAY NETWORK SITES SERVICES BENEFITS