This, of course, involves sending a payment in BitCoins to the hackers in exchange for the decryption key, but here’s the twist: The latest variant, called “Popcorn Time,” gives infected users a second option. If they don’t want to pay the ransom, they can infect two other people and get their decryption key for free.
The variant was first discovered by the MalwareHunter Team, and to this point, it is not known if anyone who has been infected by the software has opted to knowingly infect other users to get their files back. Statistically speaking, however, it’s just a matter of time.
It’s as clever a strategy as it is cruel, building a viral component into what is an already vicious bit of code.
What’s even worse about it is the fact that the code is still under development, although it is being actively spread. In its current iteration, it won’t accept your encryption key, even if you opt to pay the ransom. After the fourth failed attempt to enter your key, it starts deleting your files.
While this is the first time we’ve seen such a mechanism built into ransomware, now that it’s in the public eye, it’s certain to make appearances in other strains. A user who is sufficiently desperate to regain access to his or her files will undoubtedly opt for the “pass it on” function.
The best defense against this latest attack vector is education. If it’s been a while since you’ve spoken with your team about the dangers of opening emails from unknown parties, now is the time. It doesn’t matter how robust your digital security system is; one wrong click can spell serious trouble for your system.