Discovered in early December 2016 by the Malware Hunter Team, Popcorn Time works much like other ransomware does today. First, it encrypts and locks away the victim's files and data upon infecting the device. After that, it flashes a message on the infected screen prompting the victim to pay the ransom. A form that the victim can use to pay, along with a timer, is then shown. There is a new addition to the ransomware trend! The Malware Hunter Team has detected a brand-new ransomware that leaves victims in a dilemma between paying the ransom amount to the cyber-criminal and infecting two additional systems. The ransomware, dubbed Popcorn Time, scans the victim's system and encrypts numerous file extensions, including pictures, documents and music files.

Popcorn Time gives victims seven days to pay a ransom before deleting their files. When the ransomware is downloaded, it displays a fake loading screen while it encrypts the user's files, making them inaccessible. Popcorn Time has been updated to encrypt files in a user's My Desktop, My Pictures, and My Music folders, according to the cybersecurity website BleepingComputer.com.

Once the files are encrypted, a new screen displaying a countdown and a ransom message appears. Users can either pay 1 bitcoin to the provided Bitcoin address or infect two of their friends and have them pay the ransom instead. Once the user pays the ransom, they get a decryption code; there are four attempts to type in the decryption code before the files are deleted.

The malware ripped off the name of the torrenting website Popcorn Time. The original Popcorn Time was shut down after a copyright infringement suit brought by the Motion Pictures Association of America, followed by a series of DNS attacks. Since then, however, Popcorn Time variants have appeared under more than one domain name.

The code for the streaming site is also available on the coding platform GitHub. A new web version called Popcorn Time Online has since launched, which lets you stream torrents directly from the browser instead of having to download an app.

The ransom screen that appears in Popcorn Time includes some backstory on the creators. They purport to be a group of computer science students from war-torn Syria, in desperate need of money. The message says the money will go toward supplies for the affected families.

“Be perfectly positive that the money we get goes towards food, medicine, and shelter to our people. We are extremely sorry we’re forcing you to pay but that’s the handiest way we will move on living.”

Specifically, the malware gives you a link to send to two of your friends, and if they both get infected and pay the ransom, the program will decrypt your files for free. At least it says it will. As with all things ransom-related, there are no guarantees.

Needless to say, infecting your friends with malware to save yourself is highly unethical, and also most likely illegal. If you do get infected with Popcorn Time or any other ransomware, your best bet is to contact trained security professionals. Better yet, make sure to back up your files and keep them on a hard drive that's not connected to your main computer. That, and don't download sketchy pirate software.

What is Popcorn Time Ransomware?

The ransomware shares the name of a BitTorrent client that allowed users to download and stream movies. This was done deliberately to trick users into installing it, by posing as a setup wizard for legitimate software. It should be remembered that the original Popcorn Time was shut down due to a series of DDoS attacks; moreover, reports stated that Popcorn Time variants (the BitTorrent client) have reappeared under several domain names.

How does it work?

Once executed, it first checks whether the ransomware is already running by checking the files in Application Data or AppData. Any software installed on the Windows operating system creates its folder in AppData and stores data there. If the file is already present, the ransomware terminates itself.

Otherwise, the ransomware initiates the encryption of files. Popcorn Time ransomware uses AES encryption, and encrypts .xlsm, .syncdb, .pptm, .doc and .My backup files. The extension .Flock is added to each encrypted file. After successful encryption is carried out, it displays a note urging victims to pay a ransom of 1 Bitcoin, which must be paid within a week.

What makes it peculiar?

The victims need to pass this link to any two people so that their systems are infected. The malicious link downloads the ransomware onto their device. If at least two of those other people pay the ransom, the files are decrypted free of charge.

How to Prevent?

  1. Make use of eScan products, which fight the threat of ransomware with PBAE Technology.
  2. Always download apps from their official website or the Google Play Store rather than from unknown sources, because many app stores are still offering the app.
  3. Download applications from a reliable app developer, and check the user ratings and reviews of the apps before downloading them.
  4. Ensure that all the software installed on your system is updated regularly, including Oracle Java and Adobe.
  5. Implement a three-dimensional security policy for your organization, i.e. first understand your requirement, based on which the IT security policy will be prepared accordingly. Second, educate your staff about the policy, and finally enforce the policy.
  6. Make sure you either implement MailScan at the gateway level or enable Mail Anti-virus on the endpoint to block extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. These attachments would infect your system.