(844) 627-8267 | Info@NationalCyberSecurity

Would You Infect Others to Rid Yourself of Ransomware?

Hackers continually develop ransomware. New and creative attack methods keep internet security professionals on their toes and pose challenges for people trying to detect threats. People affected by ransomware see messages asking them to pay for file access restoration. The Popcorn Time ransomware, however, takes a wholly different approach to getting victims involved.

How Popcorn Time Ransomware Works

Cybersecurity researchers from MalwareHunterTeam identified Popcorn Time in 2016. They found the ransomware under development and noticed some worrisome characteristics.

The typical way to access files after a ransomware attack is to pay the demanded ransom. Popcorn Time asked people for one Bitcoin. Alternatively, victims could extend the hackers’ reach by sending a ransomware referral link to two other people.

If those individuals installed the ransomware on their systems and paid the ransom, the original victim would supposedly receive a free decryption key. However, trusting hackers’ promises doesn’t necessarily produce the promised results. Paying doesn’t guarantee access to files.

Plus, as a 2022 Cybereason study showed, cybercriminals may retarget victims if they agree to pay the ransom. The results indicated 80 percent of organizations that paid ransoms dealt with attacks again. In 68 percent of cases, the second instance occurred less than a month later. About 67 percent of those repeat victims said the hackers demanded higher ransoms the next time.

Would Victims Turn Into Attackers?

The Popcorn Time ransomware approach works via the referral method. People are familiar with getting discounts or other perks by telling others about services or products they know and love. Many social media users cast a wider net by posting referral messages on their profiles, catching the attention of those other than close friends or acquaintances.

No matter if a person sends the ransomware link through email, WhatsApp, or another method, most would hesitate to distribute it in ways that make it so easy for victims to identify them as the perpetrators. Laws in the United States categorize ransomware attacks as felonies that come with hefty fines and prison time.

Even those choosing to send the links to people they know face disastrous consequences beyond law enforcement. Those could include the loss of jobs and relationships.

What Does Popcorn Time Ransomware Look Like?

Anyone infected with this ransomware is shown a warning message. The strangeness of the referral link’s formatting may deter recipients from engaging with it. The link lacks a “www” portion and appears as a very long, random string of letters and numbers.

Granted, people were less familiar with cybercriminals’ tactics when researchers discovered this ransomware. However, many still knew how to recognize legitimate website addresses.

A single Bitcoin cost about $966 at the end of 2016, according to a Statista chart of the cryptocurrency’s price fluctuations. That’s an incredibly small amount in the context of newer ransomware.

Who Created Popcorn Time Ransomware?

Popcorn Time also has another aspect making it stand out. The developers identified themselves as Syrian computer science students who had each lost a family member in the Syrian War. Their message mentioned using all ransomware proceeds to pay for food, shelter, and medicine in the country.

This is a relative rarity because the hackers supposedly use the ransomware payments for reasons other than personal financial gain. It’s similar to activists using ransomware to force specific results. A ZDNet article detailed a 2022 case of activists demanding the release of political prisoners and the prevention of Russian troops entering Belarus in exchange for encryption keys given to the targeted Belarusian Railways.

All these details aside, it still seems unlikely that significant numbers of victims would help hackers spread Popcorn Time. The two main reasons are the unusual format of the link and the ease of tracing content to the sender.

Stay Secure Against Ransomware

Cybercriminals already have plenty of creative ways to harm others without involving you. Many spread malware through popular sites and services like TikTok and Discord. Targeting huge user bases increases the chances of hackers getting lots of victims through their efforts.

Malware groups also capitalize on public interest. Consider how one embedded dangerous files in an image captured by the James Webb Telescope. Similar efforts occurred with content associated with COVID-19 and the vaccines developed during the pandemic. The main takeaway is that hackers can place malware in almost any online content.

One best practice to protect yourself is to always maintain file backups. Then you can restore copies of the files the hackers took.

A 2023 IBM study also suggested law enforcement involvement can reduce ransomware breach costs. The details indicated parties that went to the police after these cyberattacks paid $470,000 less than those attempting to handle it independently.

However, the harsh reality is that modern ransomware attacks often spread beyond you or your organization.

Scammers Evolve, Just Like Hackers

Hackers are not the only ones using dishonest methods that urge people to participate. ModernRetail explained how sellers get reviews for their Amazon products. One option involves giving reviewers free products in exchange for positive feedback on those items.

However, it has become more common for sellers to send unauthorized products to people, carrying out so-called brushing scams. These items take recipients by surprise, usually arriving without return addresses. These unscrupulous Amazon merchants then use information associated with the recipients of those unexpected deliveries to write reviews via their accounts.

Ransomware developers regularly change their methods too, and usually by ramping up the risks to those who don’t comply. Triple-extortion ransomware is an excellent example. These attacks start as expected, with victims receiving ransom demands after they find their files inaccessible.

The attack persists, even if victims pay. After they do, hackers eventually contact them again, threatening to leak sensitive details unless people provide more money. The cybercriminals even extend their reach by engaging with a victim’s associates, threatening to publicize private data unless they also pay.

Hackers have further evolved by allowing people to deploy ransomware without creating it. That’s the concept behind ransomware as a service, where people can buy ready-to-use malware on the dark web.

The Threats Span Beyond Popcorn Time

Those who identified the Popcorn Time malware found it unfinished, suggesting the hackers had not yet deployed it. However, the unusual characteristics mentioned earlier were their primary worries.

This example and others emphasize the importance of staying vigilant against and aware of malware and additional threats. Just when you think you know all the biggest cyberthreats, hackers will almost certainly have unpleasant surprises in store.



National Cyber Security