A new piece of malware called Popcorn Time has hit the internet. Reports state that the malware was first brought to light by security researchers working for MalwareHunterTeam.
This is not to be confused with the BitTorrent client with the same name, although it seems to be piggybacking off the popularity of the torrent site. The malicious program is still in the development stage, but it is already causing serious headaches for everyone whose devices were infected. Once the application graduates from being in-development, it is expected to cause even more harm.
How Malevolent is Popcorn Time?
The virus is quite dangerous in that it shakes down infected users like an experienced kidnapper. It will encrypt your files and will send you a warning message, stating that you will never have access to your files again unless you pay up.
It successfully instills fear and stress by adding a huge countdown on your screen, pressuring you to shell out the money. How much is the ransom fee? As of the moment, the malware usually asks for one bitcoin, which costs more than $700. Once you pay up, a decryption key will be sent to you so you can reclaim your hostage files.
According to more reports, it seems that the ransomware’s developers added another level of dangerous code that deletes your files just in case you decided to try your luck in guessing the decryption key. Input the wrong key four times, and your files will start disappearing.
Free Decryption is Possible if You Turn Against Friends
Don’t have the money to pay for your files’ ransom? Popcorn Time will happily decrypt your stuff for you, as long as you spread the virus to at least two of your friends. Yes, the malware just keeps on becoming crueler. Not only is it an experienced file-robber, it is also a budding pyramid scheme that is dirtier than the sewers.
Victims who can’t afford the payment are forced to send the ransomware’s link to a minimum of two other people. But this is not the end of it because the first victim’s files will be released only when at least one of the secondary victims pays up. This is one affiliate marketing network no one will ever be happy to join.
How Does It Operate?
Popcorn Time can sneak into your computer from anywhere, but entry points are usually suspicious email links, unknown files, pop-up advertisements, and corrupted programs. You know you have been infected right away when you see the big warning message informing you that your files are now held for ransom. On the warning message, you will see the field where you need to input the decryption code.
The moment the malicious program is activated, it will check for certain files and then start the encryption process using AES-256 encryption. Based on recent updates, folders that will be affected right off the bat are My Documents, My Music, My Pictures, Efiles, and everything on the desktop. The moment a file is forcibly encrypted, it will carry the file extension “.filock” and cannot be opened through normal operations.
Since the virus pretends to be a program installation screen during the encryption process, most people will not be aware of what’s happening until it is too late. After the malware finishes locking away your files, it will transform two base64 strings into “restore_your_files.html” and “restore_your_files.txt.” The screen displaying the warning message and ransom amount will be automatically displayed.
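The file-system traces described above (the “.filock” extension and the two restore_your_files notes) are enough for a quick triage sweep. The script below is an added example, not code from the researchers or from the original article; the function names and the verdict labels are assumptions made for illustration, and because the ransomware is still changing, a clean result does not rule out a newer variant.

```python
import os
import sys
from collections import Counter

# Indicators taken from the article text above.
ENCRYPTED_EXT = ".filock"
RANSOM_NOTES = {"restore_your_files.html", "restore_your_files.txt"}


def scan_tree(root):
    """Walk root and collect Popcorn Time file-system indicators.

    Returns a dict with the encrypted files, the ransom notes, and a
    per-directory count of encrypted files (to show where damage clusters).
    """
    encrypted, notes = [], []
    per_dir = Counter()
    # os.walk skips unreadable directories by default (onerror=None).
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            full = os.path.join(dirpath, name)
            if lowered.endswith(ENCRYPTED_EXT):
                encrypted.append(full)
                per_dir[dirpath] += 1
            elif lowered in RANSOM_NOTES:
                notes.append(full)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "per_dir": dict(per_dir)}


def verdict(result):
    """Grade the findings: both indicator types together is the strongest signal."""
    if result["encrypted"] and result["notes"]:
        return "likely-infected"
    if result["encrypted"] or result["notes"]:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    # Default to the user's profile, which holds the folders the article lists.
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    found = scan_tree(target)
    print(f"{verdict(found)}: {len(found['encrypted'])} encrypted file(s), "
          f"{len(found['notes'])} ransom note(s) under {target}")
    for directory, count in sorted(found["per_dir"].items(), key=lambda kv: -kv[1]):
        print(f"  {count:5d}  {directory}")
```

Run it against a user profile or a mounted backup before restoring from it, so that already-encrypted copies are not mistaken for good data.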
Because this ransomware is still in development, the dangerous program is bound to undergo various changes. What we know now may not be exactly what will appear on the final product. One thing is still clear though – this is going to cause loads of problems unless someone implements a solution soon.
Who Is Behind Popcorn Time?
There are many variations of the malware’s warning screen. One of them gave a clue as to who created Popcorn Time. It stated:
We are a group of computer science students from Syria. as you probably know Syria is having bad time for the last 5 years. Since 2011 we have more the half million people died and over 5 million refugees. Each part of our team has lost a dear member from his family. I personally have lost both my parents and my little sister in 2015. The sad part of this war is that all the parts keep fighting but eventually we the poor and simple people suffer and watching our family and friends die each day. The world remained silent and no one helping us so we decided to take an action.
The message goes on to highlight:
Be perfectly sure that all the money that we get goes to food, medicine, shelter to our people. We extremely sorry that we forcing you to pay but that’s the only way that we can keep living.
Whether any of this is true or not has yet to be verified.
What to Do if You Are Infected?
As of the moment, there is no known counter to Popcorn Time. It continues to evolve, as well, which makes it difficult for experts to put up a good defense. Authorities strongly advise against paying the ransom fee as this will just enable the perpetrators to continue committing cybercrime.
In the meantime, exercise vigilance. Avoid clicking on or opening suspicious links and files. Regularly back up all of your important folders as well. That way, if you are affected, you can just reformat your computer or do a system rollback without losing crucial data.
Precaution is the best protection currently, especially because the ransomware has a huge potential to spread like wildfire. Being the person who infects their friends’ computers just to get out of a bind will definitely leave a bad taste in your mouth, so be extra careful.