Yes, this novel technique has been employed yesteryear cyber criminals amongst the latest circular of ransomware threat, dubbed Popcorn Time.
Initially discovered yesteryear MalwareHunterTeam, the novel Popcorn Time Ransomware has been designed to rank the victim's a criminal agency of getting a gratis decryption telephone substitution for their encrypted files in addition to folders.
Popcorn Time plant similar to other pop ransomware threats, such equally the Crysis Ransomware in addition to TeslaCrypt, that encrypt diverse information stored on the infected calculator in addition to enquire victims to pay a ransom sum to recover their data.
But to instruct their of import files back, Popcorn Time gives victims option to pay a ransom to the cyber criminal or infect 2 other people in addition to convey them pay the ransom to instruct a gratis decryption key.
What's fifty-fifty worse? The victims are encouraged to pay the ransom of 1 Bitcoin ( $750) inside 7 days to have decryption keys stored on a remote server owned yesteryear Popcorn Time's developers.
If the ransom is non paid inside this duration, the decryption telephone substitution volition last permanently deleted in addition to recall of import files volition give-up the ghost impossible.
Moreover, the code of the ransomware is incomplete that may signal that if victims come inward the incorrect decryption telephone substitution iv times, the Popcorn Time ransomware volition start deleting victims' files.
Here's How the Popcorn Time Ransomware Threat Works:
If not, the Popcorn Time Ransomware volition either download diverse images to purpose equally backgrounds or start encrypting the files using AES-256 encryption. The encrypted files volition convey the ".filock" or ".kok" extension appended to it.
While encrypting the data, the ransomware volition display a faux shroud that pretends to last the installation of the program.
As presently equally the encryption is finished, it volition convert 2 base64 strings, relieve them equally ransom notes known equally restore_your_files.html in addition to restore_your_files.txt, in addition to hence automatically display the HTML ransom depository fiscal establishment annotation bespeak for 1 Bitcoin.
Want a Free Decryption Key? Infect Two More People
If those 2 infected victims pay the ransom, hence the offset victim volition supposedly instruct a gratis decryption key.
To brand this possible, the ransom depository fiscal establishment annotation contains a URL pointing to a file located on the Popcorn Time's TOR server.
Entering Wrong Decryption Key 4 Times in addition to You are Screwed Up!
When executed, the Popcorn Time ransomware volition display a lock shroud filled inward amongst diverse information relating to victim's detail installation.
The victim volition likewise detect a champaign where he/she tin dismiss come inward the decryption telephone substitution given to them yesteryear the assailant afterwards paying the ransom.
The root code for Popcorn Time contains a percentage that suggests the threat to delete files if the victim enters the incorrect decryption code iv times.
Since the Popcorn Time ransomware is nevertheless nether evolution at the fourth dimension of writing, many things are unclear in addition to may alter amongst time.
