One recently spotted ransomware strain offers victims a nasty option: infect two other people and have your encrypted files decrypted for free. If you want your files back but don’t want to pay the ransom, the ransomware’s operators will give you free decryption keys if you infect your friends through referral links.
MalwareHunterTeam disclosed a new in-development ransomware called Popcorn Time. Not only does it turn victims into scumbags; there is also unfinished code in the ransomware that may indicate that if a user enters an erroneous decryption key four times, the ransomware will start wiping out the files.
To facilitate the referral scheme, the Popcorn Time ransom note will include a URL that points to a file located on the ransomware’s TOR server. At this time the server is down, so it is unclear how this file will appear or be disguised in order to trick people into installing it.
When Popcorn Time is executed, it will display a lock screen filled in with various information relating to your particular installation. For example, [UID] will be replaced with the victim’s unique ID and the [WADDRESS] field will be replaced with the bitcoin address you should send payment to. There is also a field where a victim can enter the decryption code that will be given to them if they pay the ransom.
Once started, the Popcorn Time ransomware will check whether it has already been run by looking for various files such as %AppData%\been_here and %AppData%\server_step_one. If the been_here file exists, it means the computer has already been encrypted and the ransomware will terminate itself. Otherwise, it will either download various images to use as backgrounds or start the encryption process.
— MalwareHunterTeam (@malwrhunterteam) December 12, 2016
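The marker files described above can serve as host indicators during triage. The following sketch is an added example, not code from MalwareHunterTeam or from the ransomware: it sweeps every user profile under a Users directory (a live C:\Users or the same folder on a mounted disk image) for the two file names the article gives. The function names, the status labels and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Marker file names taken from the article; both sit directly under %AppData%,
# which resolves to <profile>\AppData\Roaming for each Windows user.
MARKERS = ("been_here", "server_step_one")


def scan_profiles(users_root):
    """Return one finding per user profile that holds a Popcorn Time marker file."""
    findings = []
    for profile in sorted(os.listdir(users_root)):
        roaming = os.path.join(users_root, profile, "AppData", "Roaming")
        if not os.path.isdir(roaming):
            continue
        hits = {}
        for name in MARKERS:
            path = os.path.join(roaming, name)
            if os.path.isfile(path):
                # Keep the modification time (UTC) to help build a timeline.
                mtime = os.path.getmtime(path)
                hits[name] = datetime.fromtimestamp(mtime, timezone.utc).isoformat()
        if not hits:
            continue
        # Per the article, been_here means encryption has already run.
        # The article does not say what server_step_one alone implies.
        status = "encrypted" if "been_here" in hits else "marker-present"
        findings.append({"profile": profile, "status": status, "markers": hits})
    return findings


def build_sample_tree(root):
    """Constructed sample data: three fake profiles, two with marker files."""
    layout = {"alice": ["been_here", "server_step_one"],
              "bob": ["server_step_one"],
              "carol": []}
    for user, files in layout.items():
        roaming = os.path.join(root, user, "AppData", "Roaming")
        os.makedirs(roaming)
        for name in files:
            open(os.path.join(roaming, name), "w").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_profiles(build_sample_tree(tmp)):
            print(finding["profile"], finding["status"], sorted(finding["markers"]))
```

A hit on these names is a lead rather than proof, since the ransomware was still in development when it was described and the file names may change.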