Hackers have done the impossible and found a way to make ransomware even more awful. The new variant still locks down a computer’s files, with the decryption key only being handed over once a victim pays up, but this malware offers another option: infect two more targets to get the unlock key for free.
Anyone who finds they’ve been infected with “Popcorn Time,” which is named after (but not related) to the BitTorrent client, will find their files locked with AES-256 encryption. It will remain in place unless a ransom of one bitcoin (about $779.50 dollars) is paid to an anonymous wallet within seven days.
Or, people could opt for what the developers are calling “the nasty way.” Popcorn Time’s warning message includes a link for victims to share, which will pass the malware onto others. If two or more people open the file and end up paying the ransom, the person who was originally infected will receive a free decryption key.
Popcorn Time was discovered on the Dark Web by malware forensic experts MalwareHunterTeam. It’s still in development, but its nefarious distribution method means it could spread quickly if released in the wild.
If all this doesn’t sound bad enough, Bleeping Computer’s Lawrence Abrams discovered unfinished code in Popcorn Time that indicated if a user entered the wrong decryption key four times, it would start deleting files. There’s no guarantee this feature will make it into the final version, but it’s a strong possibility, given the other unpleasant aspects of the malware.
MalwareHunterTeam has posted some screenshots from Popcorn Time, revealing that the developers are purportedly Syrian computer science students. They claim the victims’ money “will be used for food, medicine, and shelter to those in need.”
"We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living," reads the message.