Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/12/2016
08:00 AM
100%
0%

Pay Ransom Or Infect Others!

Still under development, new ransomware will ask victims to free their files by paying 1 bitcoin or by infecting two others.

The ransomware world appears all set to get even more malicious as a new under-process malware has been discovered on the Dark Web which, when completed, will have a “novel and nasty twist” to it, reports Threatpost. Dubbed Popcorn Time, the ransomware will give its victims an option – pay 1 bitcoin to get your decryption key or infect two other people to get your decryption key. The ransom deadline will be one week.

The malware is reportedly being developed to target 500 file types and will employ AES-256 encryption to freeze files with .filock extension, Threatpost says. 

“I have never seen anything like this in ransomware. This is definitely a first,” says Lawrence Abrams of BleepingComputer.com. “There is unfinished code in the ransomware that may indicate that if a user enters the wrong decryption key four times, the ransomware will start deleting files,” he adds.

Developers of Popcorn Time claim to be students from Syria who say the money received will be used to provide relief to people of the war-ravaged country.

Read details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Nanireko
50%
50%
Nanireko,
User Rank: Apprentice
12/14/2016 | 9:39:33 AM
Popcorn Time
If you infect your friends, they can infect you too later + if all start to massively infect others, ransomware authors will have to close their business and plenty of people will demand free decryption keys.
Crypt0L0cker
50%
50%
Crypt0L0cker,
User Rank: Strategist
12/13/2016 | 3:24:21 AM
Re: Popcorn Time ransomware
I have really big doubts that they are Syrian students. Looks like the next step of social engineering - make a victim to sympathize the crooks.
jjcouch
50%
50%
jjcouch,
User Rank: Author
12/12/2016 | 10:32:18 AM
And it continues...
Unfortunately, I think these evolutionary changes to ransomware will continue until a more thorough preventitive solution can be developed. I'd be interested to read more on their infection method: whether by phishing or drive-by downloads or other.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19807
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.