Ransomware Offers Incentives To Infect Others With Malware

A new ransomware variant introduces a twist into the malware by offering users a free decryption key, but only if they successfully infect two others and force them to pay up.

The malware, called Popcorn Time, offers users two ways to unlock their files, the “easy way”, by paying 1 Bitcoin (about £620), or the “nasty way”, by sending a “referral link” to other computers.

Referral link

If two others pay a ransom as a result of the referral, the original victim will be sent a free decryption key, according to the instructions displayed by the malware.

The program isn’t related to the video-streaming application of the same name, according to computer security researchers MalwareHunterTeam.

The malware’s source code indicates that it contains a feature that begins deleting users’ files if the wrong key is entered four times, although the feature hasn’t yet been enabled, according to IT education site Bleeping Computer, which earlier disclosed MalwareHunterTeam’s research.

Ransomware rise

The malware is still under development, according to MalwareHunterTeam, and currently targets files in the My Documents, My Pictures, My Music, and desktop folders.

Files are encrypted using the AES-256 algorithm, with a .filock extension appended to the filename.

Researchers have reported a sharp rise in malware infections this year, with some reporting a large proportion of those who pay didn’t receive a decryption key.

Kaspersky Lab said infections of enterprises rose threefold between the first and third quarters of this year, attaining a rate of one infection every 40 seconds.

“The classic ‘affiliate’ business model appears to be working as effectively for ransomware as it does for other types of malware,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. “Victims often pay up so money keeps flowing through the system. Inevitably this has led to us seeing new cryptors appear almost daily.”

The company found 20 percent of small businesses who paid a ransom didn’t have access restored.

Trend Micro also surveyed businesses who paid ransoms and found the same proportion did not receive a decryption key.

Trend said new ransomware families grew by four times from January to September 2016 and predicted the figure would grow by another 25 percent in the coming year.

Do you know all about security in 2016? Try our quiz!