Popcorn Time Malware: The New Ransomware You Need to Know

StartFragment

Popcorn Time Malware is the newest insidious ransomware that encourages its victims to spread the virus to others. Here's what you need to know about it.

The new Popcorn Time malware sounds like something from horror film, The Ring. To escape its clutches, you have to pass it on to someone you know within 7 days.

Yes, it's as bad as it sounds.

The as-yet-unreleased malware is a form of ransomware. Ransomware is one of the 3 most common malware threats.

Ransomware installs itself on your computer. It encrypts the data and locks it away.

You can only unlock your files by paying for a decryption key. Most scrambled files can't be decrypted without the key.

Ransomware even took down the San Francisco transit system in November 2016. The attackers demanded a ransom of 100 bitcoin, or $70,000.

But the new Popcorn Time malware is different. Yes, it's just as nasty as ransomware.

But it's worse. Much worse.

Read on to find out what it is - and how to protect yourself.

What makes Popcorn Time malware so bad?

The MalwareHunterTeam discovered the ransomware in early December 2016. Still in development, the Popcorn Time malware is certainly grabbing attention.

Popcorn Time malware starts out like any other malware. You download a file and double-click. Or you click on a suspicious link.

Your files are encrypted and you lose access to your data.

But its makers give you two options to restore your files.

Pay the fee and decrypt your files.
Share a link to the malware with the people you know.

Yes, it is that unpleasant. And if 2 of those people get infected and pay the ransom? Then you'll get the encryption keys for free.

Otherwise, it's likely that users will be charged 1 bitcoin, or $780, to release their files.

And it gets worse. There's even a code in the program that may delete files if a user enters the wrong key 4 times.

Law enforcement organizations actually recommend you don't pay any ransoms. There's no guarantee that users can actually recover their files.

They also note that paying the ransoms funds criminal activity. In an interesting twist, the makers of Popcorn Time claim to live in war-torn Syria.

According to their ransom note, they're trying to scrape out a living.

Can you avoid Popcorn Time malware?

Most malware comes from a USB stick, or a bad internet link. So maybe you download files from the internet or pass USB sticks to people.

Check that the file you want to open is actually what it says it is.

So your file says ThisFile.pdf. You might naturally think it's a PDF.

But the PDF should have the usual Adobe icon. If the file thumbnail doesn't display properly, proceed with caution.

And do you have the file extensions enabled? If so, all of the files will have their extensions displayed.

If not, it's already suspicious that one of the files does.

Go into the file properties and turn the file extensions on. If the file is a .EXE then do not open it.

Pay attention to what it is that you're clicking on

Don't click on links unless you know exactly what they're for.

No one knows yet how Popcorn Time malware will actually trick users into installing it. So don't download software from unofficial locations.

It goes without saying that you should keep your anti-virus software up-to-date.

Most anti-virus software can detect ransomware. It can also recognize potentially dangerous issues.

But it can't catch everything. So still scan downloaded files.

You can also 'whitelist' software applications. The lists will prevent computers installing software that's not approved.

That can be a task for your administrator.

At a most basic level, you can limit the permissions on your system. If software can't be installed without an administrator password, then malware can't install itself.

What other best practice is advised?

The main reason people do pay a ransom is to get their files back. After all, the ransomware particularly targets files in My Documents, My Pictures, My Music and the desktop.

That's a lot of financial documents, family photos, and extensive music collections to lose.

It's estimated that victims of the CryptoWall ransomware suffered around $325 million in damages.

So a key point of advice is to make regular backups of your data.

And don't just back them up to cloud storage that is accessible from My Documents.

If the storage space is installed on your machine, it's just as vulnerable to ransomware.

So use a good old-fashioned external hard drive that you can disconnect. Just make sure you disconnect it once the backup is complete.

Otherwise it's still just as susceptible to encryption.

That's especially important if you have networked drives. They're incredibly vulnerable to ransomware.

So back up the shared files to an offline storage space. It's even better if they're not directly connected to your desktop systems.

You can use a cloud service you have to log into via your browser. Sign out when you're finished.

We offer cloud storage to help you get back up and running if the worst does occur. And why not enjoy the peace of mind of knowing your files are safe?

But that's just computer-use best practice. It's recommended users get into the habit of making weekly, or even daily, backups of their files.

Education is your friend

Train your employees how to use your systems correctly. Keep them updated as to what they should and shouldn't download on work PCs.

You also want to train them to scan attachments before they download them. That extra right-click can make all the difference to the security of your systems.

And your employees can use these best practices to keep themselves safe at home too.

Check our advice for keeping networks safe while employees are online.