Ransomware Authors Intend to Give Victims a Choice: Infect Friends or Pay Up


The 2002 horror film, The Ring, had an interesting play on its genre: socialize the scares — at least in the confines of the movie. The plot was simple: if you view a cursed VHS tape, you’re doomed to die unless you can pass it onto an unwitting victim. That victim must, in turn, pass it onto another victim. If they don’t, they die. You get the point.

Unfortunately, a group of cybercriminals have decided to emulate this plot via a ransomware program called “Popcorn Time.” Its premise is simple: if a victim is infected with the Popcorn Time malware, then they must infect two other victims, who each pay the ransom of one bitcoin ($772 USD), to earn a chance at recovering their encrypted data, according to The Guardian. Alternatively, victims can pay one bitcoin to recover their encrypted files. Regardless what the victim chooses, the cybercriminals get something they want and the victim’s data gets to—possibly—go on living.

While the ransomware itself is still in development, it signals an unwelcome tactic capable of complicating ransomware defense. After all, Popcorn Time has a better chance at successfully infecting a targeted computer if a victim chooses to spread the malicious program on their own accord. They are, essentially, participating in the cybercriminal’s phishing attack—a technique that tricks victims into either giving up sensitive information or downloading malicious programs based on authority and trust. It should be noted that propagating malware for the purposes of recovering your own data is, according to Silicon Angle, illegal.

Ransomware is a particularly pernicious type of malicious program, as well. It encrypts the data on a victim’s computer and holds the decryption key hostage until the victim pays the ransom in an allotted amount of time. If the victim doesn’t pay in the desired timeframe — typically two to three days — then, usually, the cybercriminal deletes the decryption key, essentially forever locking a user out of their own device. Still, even if the victim does pay the ransom there’s no guarantee the cybercriminal will actually deliver the decryption key. And, even if the key is delivered, there’s still a chance the victim’s device can be re-infected with another strain of ransomware.

So, what can you do to stop the spread of ransomware? Well, here are a few tips:

  • Keep your devices up to date. Ransomware can infect a variety of devices, including smartphones, desktops, laptops and tablets. Usually, these malicious programs depend on a known vulnerability for silent infection. Software updates often fix these vulnerabilities, reducing the chance ransomware has to cause damage. This holds true for other malware variants as well. In fact, one of the best methods for protecting your device is to update its software early and often. So don’t hesitate to secure your device if you see an update is available.
  • Back up your data. Regular backups can help recover your devices’ data from ransomware infections. They do so by restoring a “clean state” of your internal hard drive. However, there are some precautions you need to take in order to ensure your backups aren’t infected with ransomware as well, since many ransomware instances do infect backups. These precautions are simple: if you use a cloud-based (internet-based) backup service, make sure that service provides you with multiple backups or “file versioning” — which preserves clean states of files. If you use an external hard drive to back up your devices, then make sure it is only connected to them during the backup process. A continuous connection could infect an external hard drive.
  • Use comprehensive security software. Finally, use a comprehensive security suite designed to actively protect all of your devices. Solutions like McAfee LiveSafe™ are regularly updated to scan your devices for the latest security risks (including ransomware) and flag suspicious websites. By using a comprehensive security solution, you’re investing in a secure ecosystem for your digital life, and protecting your personal data in turn.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.


Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Internet Security

Back to top