Ransomware is the malware du jour and those seeking to extract money from victims have started to use a pyramid scheme system to increase the rate of infection. Not content with encrypting a victim’s files and holding them to ransom, the Popcorn Time ransomware encourages those who have been struck to pass on the infection.
As is the norm with ransomware, Popcorn Time gives the victim the chance to pay a Bitcoin ransom to decrypt their files, but it also offers a self-described “nasty way” to unlock files for free. Think of it as a ransomware referral scheme.
Victims are invited to encourage people they know — or perhaps just random people — to install the ransomware themselves. If two or more people take the bait, the original victim’s files are (allegedly) decrypted for free. When informing victims that their files have been rendered inaccessible, the malware asks for a ransom of 1 Bitcoin, but also displays the following message:
Send the link below to other people. If two or more people install this file and pay, we will decrypt your files for free.
With 1 Bitcoin equating to the thick end of $800, there’s a fairly major incentive for victims with questionable morals to opt for the free decryption route. Just like all pyramid schemes, it is the offer of an incentive that helps with proliferation. Popcorn Time is currently something of an experiment, and it’s likely that it’s a scheme that will, ultimately, target companies rather than individuals.
It’s a malware campaign that’s looking to play something of a long game. Hitting average computer users with this form of ransomware, and it’s likely that they’ll choose to pass the link on to friends, or just fire off emails to a bunch of random addresses. Further down the line, it is big businesses that will eventually fall victim — businesses that are far more likely to cough up than risk the alternative.
Analysis of the Popcorn Time source code shows that there could be plans to delete encrypted files should a victim enter an incorrect decryption key four times.
What’s most surprising, perhaps, is that it has taken so long for someone to come up with pyramid scheme ransomware. Now that the idea is out there, there could well be more variants that follow suit.
Image credit: Africa Studio / Shutterstock