Ransomware may turn victims into attackers, infect 2 others and decryption is free

One recently spotted ransomware variant is like doxware -- pay up or your passwords and files are leaked online; another has a 'nasty' option to infect two other people and have encrypted files decrypted for free.

[Image: ransomware locked laptop. Credit: Santeri Viinamäki]

In the world of ever-evolving ransomware, one recently spotted variant is like doxware and another has a “nasty” option of infecting two other people – be it friends, enemies or strangers – and your files will be decrypted for free.

Doxware-style ransomware steals passwords and threatens to leak info

According to the MalwareHunterTeam, one of the new ransomware variants recently discovered not only encrypts your personal files, but also steals passwords. The ransom demand warns victims that if they don’t pay, then all their data and passwords will be leaked online.

[Image: ransomware steals passwords and threatens to leak info. Credit: MalwareHunterTeam]

The example above gives victims a long time to pay the ransom – until March 1, 2017. However, the warning in red claims that trying to get rid of the ransomware or even rebooting the PC “will result in the loss of all your data and your passwords and info will be posted online!”

Other ransomware variants that employ that tactic have been dubbed “doxware”: pay up or be doxed. Some security experts predict that doxware will become increasingly popular in 2017.

Ransomware encourages victims to infect others so files will be decrypted for free

The MalwareHunterTeam is constantly finding new ransomware variants, including those under development such as the following variant of Popcorn Time – which isn’t actually related to the Popcorn Time app to stream pirated movies and TV shows. The group of malware hunters who discovered this ransomware variant posted a series of screenshots.

[Image: Popcorn Time ransomware that may turn victims into attackers. Credit: MalwareHunterTeam]

The Popcorn Time ransomware under development gives victims the option of paying a ransom of one bitcoin or turning into attackers. Victims can take the free decryption “nasty way” and pass their ransomware woes on to others by sending a ransomware referral link to other people. Popcorn Time authors wrote, “If two or more people will install this file and pay, we will decrypt your files for free.”

[Image: Popcorn Time nasty option to infect others with ransomware. Credit: MalwareHunterTeam]

If some poor soul were to trust the person sending the link and click on the bait, then he or she would see a fake installation screen claiming to be downloading and installing a program. In actuality, the ransomware is encrypting files.

According to the ransom note, victims have seven days to pay one bitcoin (about $780 at the time of publishing) before the decryption key is “deleted and your files will be gone forever.” The ransomware targets and encrypts hundreds of file extensions on top of files in Documents, Pictures, Music and Desktop folders.

Bleeping Computer noted that the source code indicates the developers are adding a function which will delete all encrypted files if the victim enters the wrong decryption code four times.

The authors of this particular Popcorn Time ransomware variant claim to be a group of Syrian computer science students with a sad tale. Victims are assured that the ransom payment will go “to food, medicine, shelter to our people.” The malware authors claim to be “extremely sorry” for forcing victims to pay, “but that’s the only way that we can keep living.”

We can hope this Popcorn Time ransomware variant never makes it past the development stage, but that seems unlikely. When the ransomware was last updated, the MalwareHunterTeam tweeted, “Now they have a system which obfuscates samples on-the-fly, also injects new IDs and BTC [bitcoin] addresses in them. They aren’t the average skids…”

Copyright © 2016 IDG Communications, Inc.
