The Popcorn Time ransomware offers free decryption key if victim infects others

Ransomware, Threat

A new kind of ransomware has been discovered by the security researchers. The Popcorn time, a ransomware that gives victim another criminal means to get free decryption key.

The ransomware offers victims a free decryption key if victim choose to infect two other people. In case other two other people pays up the demanded ransom to the criminal, the original victim is given the decryption key for free.

The Popcorn Time ransomware has been discovered by MalwareHunterTeam who claimed the ransomware contains more devastating code which is currently in development phase. Researchers asserted that there is “in progress code” in ransomware that indicates that if a victim enters the wrong decryption key 4 times, the ransomware will start deleting the encrypted files.

How the Popcorn Time Ransomware Encrypts a Computer

Once Popcorn Time is initiated, it first checks if the ransomware has already been activated and encrypted the files. If it finds yes, then it stop otherwise if continue with its normal execution process.

popcorn time (credit- beepingcomputers)
popcorn time (credit- beepingcomputer)

As this ransomware is in development phase, currently it is capable of encrypting files stored in folders such as the desktop, My Documents, My Music and My Pictures. It is suspected that the ransomware will extend it’s boundary to more such folders.

It searches the folder for specific file extensions such as .db, or .xlsm, etc and if found then encrypts them with AES-256 encryption. When the ransomware has finished encrypting a computer, it will then automatically display the HTML ransom note as displayed below.

html-ransom-note (credit- beepingcomputers)
html-ransom-note (credit- beepingcomputer)

When a file is encrypted it will have the .filock extension added to it. So a file called image.jpg would be encrypted as image.jpg.filock.

As stated, the Popcorn Time ransomware is still in development phase, many things may change further.