Pop. Pop. Popopopopopopopop.
December 12, 2016 6:17 AM   Subscribe

Last week, MalwareHunterTeam discovered code for new ransomware under development called Popcorn Time (no relation to the streaming app). Like most ransomware, it is designed to encrypt the victim's files and withhold the decryption key until a ransom is paid. However, Popcorn Time adds a nasty twist: if the victim is able to infect two others using a referral link, they can get their decryption code free of charge if payment is successfully extracted. The discovered code is still incomplete, and it's not known how far it might be from completion. Further reading: a history of ransomware from Wired.
posted by duffell (25 comments total) 17 users marked this as a favorite
 
Social Contract: 1700(?) - 2016



.
posted by randomkeystrike at 6:19 AM on December 12, 2016 [3 favorites]


Someone's been watching Black Mirror.
posted by CheeseDigestsAll at 6:27 AM on December 12, 2016 [15 favorites]


Ransomware and MLM: two great tastes that go great together!
posted by Dr Dracator at 6:27 AM on December 12, 2016 [17 favorites]


If I'm reading the stories correctly, the two referrals not only have to be infected, but they have to pay in order for the referrer to get their own decrypt key.
posted by lagomorphius at 6:31 AM on December 12, 2016


Someone's been watching Japanese horror movies.
posted by musofire at 6:31 AM on December 12, 2016 [13 favorites]


Your data will die in seven days
posted by J.K. Seazer at 6:31 AM on December 12, 2016 [7 favorites]


Gee, it's too bad many companies have treated their employees so poorly.
posted by spacewrench at 6:32 AM on December 12, 2016 [4 favorites]


Incidentally, the other Popcorn Time is not exactly a streaming app. I believe it uses BitTorrent as the transport protocol, so it shows up on the radar of the copyright trolls. (Who also deserve a FPP...hmmm.)
posted by spacewrench at 6:34 AM on December 12, 2016 [1 favorite]


Social Contract: 1700(?) - 2016

Glad we're not overreacting.

The tiny overlap of referrers who are smart enough to con a significant number of people into following the links, and yet stupid enough not to recognise the likely legal consequences, makes this seem much less threatening that trojans that just spam your addressbook.

And we don't know if it even exists.
posted by howfar at 6:34 AM on December 12, 2016 [3 favorites]


Backup and verify. Once you start, you're 99.9% safe.
posted by blue_beetle at 6:39 AM on December 12, 2016 [2 favorites]


TIL: Apparently some malware developers work semi-openly or release their unfinished source code or something? The only explanation I could find was that the code was found "on the dark web," which makes sense, but I'd be really curious to know how it ended up there. Is this an in-process collaboration? Is open-source malware a thing?
posted by nebulawindphone at 6:40 AM on December 12, 2016 [1 favorite]


So, like It Follows?
posted by Cash4Lead at 7:02 AM on December 12, 2016 [2 favorites]


So, like It Follows?

Well, without the sex.

Or getting duct-taped to a wheelchair.

Or having friends to look out for you.
posted by GenjiandProust at 8:37 AM on December 12, 2016 [1 favorite]


If I'm reading the stories correctly, the two referrals not only have to be infected, but they have to pay in order for the referrer to get their own decrypt key.

That would make sense, because otherwise it would be pretty easy to fake a referral.
posted by Kutsuwamushi at 8:40 AM on December 12, 2016


Backup and verify.

And keep the backups either offline or in the cloud (or both, if you're feeling thorough). You don't want that backup to be a connected drive when your system gets infected.
posted by Greg_Ace at 9:17 AM on December 12, 2016 [2 favorites]


blue_beetle: "Backup and verify. Once you start, you're 99.9% safe."

Ha, until I design my quantum non-local entanglement malware. Once you encrypt one bit of data on your machine, the entangled backup is ALSO encrypted only via an encryption mode that's a inversion of the original encryption.
posted by symbioid at 9:34 AM on December 12, 2016 [1 favorite]


Backup and verify. Once you start, you're 99.9% safe.

Could you please elaborate (for the lay person)?
- Verify: Do you mean opening your documents on the backup to verify they are there?
- Once you start, you're 99.9% safe: Once you start backing up? Don't you have to make sure all the files transferred over to the backup?

Thanks!
posted by cynical pinnacle at 10:56 AM on December 12, 2016 [1 favorite]


The best way around this kind of exploit is to not care about anything and do nothing at all.
posted by srboisvert at 10:59 AM on December 12, 2016 [2 favorites]


Adama was wise.
posted by Kafkaesque at 11:21 AM on December 12, 2016 [4 favorites]


cynical pinnacle - Most backup programs have a "verify" option that, once the backup is done, checks that the backup volume is physically intact and all the files in the backup are readable, so that you'll be able to restore the backup if necessary. This process can double the time it takes to finish the backup process, but it's good insurance.

Not only that, but to get "99.9%" safety, you'll want successive separate backups - i.e., don't just overwrite the .bak file every time. If you backup your data after it's been infected, the backup is useless. If you still have an older backup available, you might lose whatever changes had been made to your systems/applications/data since then but at least you can revert to a non-infected state by restoring that older backup.
posted by Greg_Ace at 12:59 PM on December 12, 2016 [1 favorite]


Metafilter: glad we're not overreacting.
posted by randomkeystrike at 1:48 PM on December 12, 2016 [1 favorite]


Sounds like they borrowed a trick from the sex trafficking gangs (who sometimes tell their victims they'll let them go if they persuade several of their friends from their home town to take the bait and go abroad to that “highly paid office job”).
posted by acb at 2:27 PM on December 12, 2016


There are so many more awful things that malware could do to blackmail you. Send awful things to everyone on your contact list. Secretly record you, and threaten to post the video. Delete your *cloud* backups. I think we're only at the beginning of this.
posted by miyabo at 7:08 PM on December 12, 2016


- Verify: Do you mean opening your documents on the backup to verify they are there?

Many people backup, but few have actual need to restore. It is a sad day when you finally need your backup, and realize you don't know how to restore, don't have a practically usable restore procedure or have botched your backup and the data is gone.

For a mission critical backup, you want to practice doing a full restore on a test system *before* disaster strikes, and run whatever checks you can to verify that everything has worked properly.
posted by Dr Dracator at 11:22 PM on December 12, 2016


[A few deleted; sorry, probably better to forego the ambiguous joke links in this context.]
posted by LobsterMitten at 12:50 PM on December 13, 2016


« Older No, really, it's FINE.   |   Distributional National Accounts: Trading Places Newer »


This thread has been archived and is closed to new comments