In the world of ever-evolving ransomware, one recently spotted variant is like doxware and another has a “nasty” option of infecting two other people – be it friends, enemies or strangers – and your files will be decrypted for free.
Doxware-style ransomware steals passwords and threatens to leak info
According to the MalwareHunterTeam, one of the new ransomware variants recently discovered not only encrypts your personal files, but also steals passwords. The ransom demand warns victims that if they don’t pay, then all their data and passwords will be leaked online.
MalwareHunterTeam The example above gives victims a long time to pay the ransom – until March 1, 2017. However, the warning in red claims that trying to get rid of the ransomware or even rebooting the PC “will result in the loss of all your data and your passwords and info will be posted online!”
Other ransomware variants that employ that tactic have been dubbed “doxware;” pay up or be doxed. Some security experts predict that doxware will become increasingly more popular in 2017.
Ransomware encourages victims to infect others so files will be decrypted for free
The MalwareHunterTeam is constantly finding new ransomware variants, including those under development such as the following variant of Popcorn Time – which isn’t actually related to the Popcorn Time app to stream pirated movies and TV shows. The group of malware hunters who discovered this ransomware variant posted a series of screenshots.
MalwareHunterTeam The Popcorn Time ransomware being developed gives victims an option to pay the ransom of the one bitcoin, or to turn into attackers. Victims are given an option to take the free decryption “nasty way” and pass their ransomware woes on to others by sending a ransomware referral link to other people. Popcorn Time authors wrote, “If two or more people will install this file and pay, we will decrypt your files for free.”
MalwareHunterTeam If some poor soul were to trust the person sending the link and click on the bait, then he or she would see a fake installation screen claiming to be downloading and installing a program. In actuality, the ransomware is encrypting files.
According to the ransom note, victims have seven days to pay one bitcoin (about $780 at the time of publishing) before the decryption key is “deleted and your files will be gone forever.” The ransomware targets and encrypts hundreds of file extensions on top of files in Documents, Pictures, Music and Desktop folders.
Bleeping Computer noted that the source code indicates the developers are adding a function which will delete all encrypted files if the victim enters the wrong decryption code four times.
The authors of this particular Popcorn Time ransomware variant claim to be a group of Syrian computer science students with a sad tale. Victims are assured that the ransom payment will go “to food, medicine, shelter to our people.” The malware authors claim to be “extremely sorry” for forcing victims to pay, “but that’s the only way that we can keep living.”
We can hope this Popcorn Time ransomware variant never makes it past the development stage, but that probability seems unlikely. When the ransomware was last updated, the MalwareHunterTeam tweeted, “Now they have a system which obfuscates samples on-the-fly, also injects new IDs and BTC [bitcoin] addresses in them. They aren’t the average skids…”