Cybercriminals are taking ransomware to another level with the latest variant named Popcorn Time. The new malware gives users the option of paying the ransom of one bitcoin (about $772), or they can become attackers themselves and distribute the ransomware to some of their friends (or enemies, if they so choose). If users select the second option, they must have two or more people install the file, and the user will receive the decryption key for free.
Named after, but not related to the popular streaming service, Popcorn Time works like any other type of ransomware. Once the ransomware has been installed, it will encrypt all of your files, leaving the user unable to access them. When a user has been infected, they will see the message below.
While this looks like any other ransom note, scrolling down the message will show that the cybercriminals are giving users the options we discussed above. There are also two other items that are different with the Popcorn Ransomware. First, the cybercriminals are claiming that the proceeds from the paid ransoms are going to individuals in need.
‘The money you gave will be used for food, medicine, and shelter to those in need’ the hackers say.
Second, to make matters worse, there is unfinished code in the ransomware that may indicate if a user enters the wrong decryption key four times, the ransomware will start deleting files. Meaning, whether you end up paying the ransomware or decide to go the unethical route and spread the ransomware to other users, you must enter the decryption key correctly, or your files will start being deleted.
Needless to say, Popcorn Time really tests your resolve as an ethical person. Are you willing to give someone you know a Christmas present of ransomware or are you going to bite the bullet and pay the ransom yourself? However, the best option would be to use deception technology and prevent ransomware from infiltrating your system in the first place.
No one wants to spend the holiday season worrying about ransomware infecting your system or your entire business’s database. Let WatchPoint take those worries away with CryptoStopper. CryptoStopper, developed by WatchPoint, uses deception technology in the form of watcher files placed in your important network shares. CryptoStopper continuously monitors the watcher files for the encryption process to start and will identify the ransomware attack in seconds. CryptoStopper will immediately isolate the infected workstation from the network then shut down the workstation. Lastly, it will send you an email notification letting you know a ransomware attack has been discovered and contained.