Popcorn Time Ransomware Infiltrates Your PC And Encourages You To Infect Others
I wouldn't rank this as a new low in malware and its authors—that distinction belongs to the soulless jerks who injected a script into the Epilepsy Foundation's website that redirected visitors to a page with seizure-inducing animated GIFs. If there's a line in malware, they clearly crossed it, and that remains arguably the worst offense to date.
A new ransomware tactic is to encourage users to infect others with a referral link in exchange for an unlock key
While Popcorn Time isn't quite as heinous and doesn't set a new low overall, it is probably the worst example of ransomware to date. Not to be confused with the popular BitTorrent client with an integrated media player, the Popcorn Time ransomware comes with a referral link and two sets of directions—one for restoring files "the fast and easy way" (pay a ransom of 1 Bitcoin) and another for restoring files "the nasty way" (use the referral link to dupe two other people).
That's not the only bit of nastiness here. Entering the wrong decrypt key four times can result in files being deleted, according to an unfinished entry in the source code. It's not clear if that's a feature still in development or if it's meant to scare users into ponying up a Bitcoin (or infecting others) to be done with Popcorn Time.
On the plus side, Popcorn Time won't install on top of itself, which would otherwise force the victim to obtain two keys. It checks to see if it's already been installed, and if so, it terminates the process. Otherwise, it gets to work installing itself and searching for files with several specific file extensions located in My Documents, My Pictures, My Music, and the desktop.
Since Popcorn Time is currently in development, it could become even more devious as time goes on. Our advice? If you become infected, don't help the authors out by using the referral link, or else this could become an ugly trend.