
The latest twist in the ransomware story has come as an unwanted early Christmas present for some.

“Popcorn Time” is the latest variant of the file-encrypting malware, but the difference with this one is that it gives an option for those who don’t want to pay the ransom. Unfortunately, that option is to infect two other people’s systems with the same ransomware. The alternative is to pay the fee of one bitcoin (£614) to have their files unlocked.

In order to avoid payment, the victim can send a referral link to others, in the hope that they get infected with the code.  And for the original victim to get their files decrypted for free, two of the subsequent victims must have paid the full ransom demand themselves.

The authors of the malware are claiming that the money received will be used to cover the costs of food, water and temporary homes for those in war-torn Syria.

Lawrence Adams, a writer for Bleeping Computer, has suspicions that the people behind this scam have not finished yet.  He thinks that there will be subsequent updates, extending the features of the work.

Luckily for some, progress is being made in helping those who have been affected by various strains of ransomware. The NoMoreRansom Alliance is a group of volunteers who endeavour to reverse-engineer ransomware, creating and sharing decryption keys with the victims of such extortion. Often the coding of ransomware is carried out by programmers who leave behind holes in the encryption implementations, and this allows the Alliance members to break the systems. Unfortunately, there are no signs of a slowdown in this illegal industry. Many recent examples of fixes have been produced, saving people from spending large amounts of currency via bitcoin.

An investigation by Trustwave last year identified that, with profit margins that sit around the 1500% mark, it’s still worth the investment by criminals in this arena.

It’s also been shown that when the criminals send out the decryption keys following a ransom payment, they don’t always work, and your files may sit in an unrecoverable state.

As always, the advice remains the same – back up whenever you can. Using an automated incremental backup solution could save your files in the long run. It’s always best to have another option too, such as an external hard disk which is only connected to your system while a backup is taking place. If it’s kept offline/disconnected for the rest of the time, then there’s a much smaller chance of ransomware being able to access and tamper with the data.