
Thread: Popcorn Time ransomware operates a 'referrals program'

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    25,377
    Thanks
    0
    Thanked
    1,369 times in 515 posts

    Popcorn Time ransomware operates a 'referrals program'

    Either pay up 1BTC ($780, £618), or infect two 'friends', in order to decrypt your files.
    Read more.

  2. #2
    Senior Member
    Join Date
    May 2014
    Posts
    285
    Thanks
    11
    Thanked
    19 times in 16 posts

    Re: Popcorn Time ransomware operates a 'referrals program'

    A social engineering based virus like that does not feel like it was made by someone "just fer tuh lulz". That's far more sinister.

  3. #3
    I really don't care
    Join Date
    Jun 2016
    Posts
    504
    Thanks
    10
    Thanked
    62 times in 50 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • Corsair DDR4 2800 Quad
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 850 EVO; RAID-0 x2 WD Black
      • Graphics card(s):
      • EVGA GeForce GTX 970 x2 SLI
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • x2 23.5" 1080 72Hz OC
      • Internet:
      • Zen FTTC

    Re: Popcorn Time ransomware operates a 'referrals program'

    Does sound more like a social experiment. How evil.

    Still easy fix, spin up two virtual machines.

  4. #4
    Senior Member Macman's Avatar
    Join Date
    Nov 2010
    Location
    Glasgow
    Posts
    1,308
    Thanks
    174
    Thanked
    77 times in 64 posts
    • Macman's system
      • Graphics card(s):
      • nVidia GeForce 8500 GT-1
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 36" Samsung HDTV

    Re: Popcorn Time ransomware operates a 'referrals program'

    Quote Originally Posted by Dashers View Post
    Does sound more like a social experiment. How evil.

    Still easy fix, spin up two virtual machines.
    How would that fix it? Wouldn't they need payment first?

    (However, there is a sinister alternative: if you share the malware with at least two other folk, who fall victim to it and 'pay up')

    If it happened to me, I assume I could just wipe the entire PC? As there is nothing on my PC that is... something I need to keep. It is purely a gaming PC. Pictures/Videos are all kept on separate PC and Laptop as backup.

  5. #5
    Senior Member
    Join Date
    Jan 2009
    Posts
    240
    Thanks
    15
    Thanked
    11 times in 8 posts

    Re: Popcorn Time ransomware operates a 'referrals program'

    Quote Originally Posted by Macman View Post
    How would that fix it? Wouldn't they need payment first?

    If it happened to me, I assume I could just wipe the entire PC? As there is nothing on my PC that is... something I need to keep. It is purely a gaming PC. Pictures/Videos are all kept on separate PC and Laptop as backup.
    I believe the insinuation would be that if a VM was infected you'd just delete it and use the other, then spin up a 2nd again.

    Indeed, if you have up-to-date backups then this is just a pain-in-the-back-side. You could simply format the PC and re-install Windows / all your software again, then copy the data back.

    I always prefer to have an offline copy of data on a USB drive, as I assume these malware programmes can easily infect Dropbox / etc if they are used from the desktop.

  6. #6
    Registered User
    Join Date
    Dec 2016
    Posts
    1
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Popcorn Time ransomware operates a 'referrals program'

    Quote Originally Posted by Dashers View Post
    Does sound more like a social experiment. How evil.

    Still easy fix, spin up two virtual machines.
    It's fairly easy for malware to detect if it's running in a VM environment by looking at the range of memory addresses the malware is running on.

  7. #7
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    16,937
    Thanks
    774
    Thanked
    2,116 times in 1,381 posts

    Re: Popcorn Time ransomware operates a 'referrals program'

    This is just awful, it reminds me of a certain religious group that believe heaven has a finite number of places and the only way to get in is to convert more people to said religion than others do.
    throw new ArgumentException (String, String, Exception)

  8. #8
    Anthropomorphic Personification shaithis's Avatar
    Join Date
    Apr 2004
    Location
    The Last Aerie
    Posts
    10,446
    Thanks
    598
    Thanked
    803 times in 692 posts
    • shaithis's system
      • Motherboard:
      • Asus P8Z77 WS
      • CPU:
      • i7 3770k @ 4.5GHz
      • Memory:
      • 32GB HyperX 1866
      • Storage:
      • Lots!
      • Graphics card(s):
      • Sapphire Fury X
      • PSU:
      • Corsair HX850
      • Case:
      • Corsair 600T (White)
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • 2 x Dell 3007
      • Internet:
      • Zen 80Mb Fibre

    Re: Popcorn Time ransomware operates a 'referrals program'

    Quote Originally Posted by Macman View Post
    How would that fix it? Wouldn't they need payment first?

    (However, there is a sinister alternative: if you share the malware with at least two other folk, who fall victim to it and 'pay up')
    The 2 VMs are the solution, let it infect them and then your main PC is in the clear.....IF you believe their claims.

    Scum sucking dregs of humanity that they are, I wouldn't trust infection or paying.
    Main PC: Asus P8Z77 WS / 3770k / Antec H1200 Pro / 32GB DDR3-1866 / Sapphire Fury X / Areca 1680 / 850W EVGA SuperNOVA Gold 2 / Corsair 600T / 2x Dell 3007 / 4 x 250GB SSD + 2 x 80GB SSD / 4 x 1TB HDD / Windows 10 Pro, Yosemite & Ubuntu
    HTPC: AsRock Z77 Pro 4 / E3-1230v2 / 24GB / GTX 1080 / SST-LC20 / Antec TP-550 / Hisense 65k5510 4K TV / HTC Vive / 2 x 240GB SSD + 12TB HDD Space / Race Seat / Logitech G29 / Win 10 Pro
    HTPC2: Asus AM1I-A / 5150 / 4GB / Corsair Force 3 240GB / Silverstone SST-ML05B + ST30SF / Samsung UE60H6200 TV / Windows 10 Pro
    Spare/Loaner: Gigabyte EX58-UD5 / i950 / 12GB / HD7870 / Corsair 300R / Silverpower 700W modular
    NAS 1: HP N40L / 12GB ECC RAM / 2 x 3TB Arrays || NAS 2: Dell PowerEdge T110 II / 24GB ECC RAM / 2 x 3TB Hybrid arrays || Network:Buffalo WZR-1166DHP w/DD-WRT + HP ProCurve 1800-24G
    Laptop: Lenovo Flex 2 / 12GB RAM / 240GB Corsair Force 3 Printer: HP CP1515n || Phone: HTC One M9 || Other: Samsung Galaxy Tab 4 Pro 10.1 CM12.1 / Playstation 4 + G29 + 2TB Hybrid drive

  9. #9
    '~'+'~' Enverex's Avatar
    Join Date
    Oct 2003
    Location
    West Midlands
    Posts
    892
    Thanks
    0
    Thanked
    0 times in 0 posts
    • Enverex's system
      • Motherboard:
      • Gigabyte H77n-WiFi
      • CPU:
      • Intel i5-3570K with Scythe Shuriken
      • Memory:
      • 16GB Crucial Ballistix Tactical 1600Mhz
      • Storage:
      • Samsung 840 500GB SSD
      • Graphics card(s):
      • MSI GTX 670 2GB OC Power Edition
      • PSU:
      • EVGA SuperNOVA 550W G2
      • Case:
      • Silverstone Sugo SG11
      • Operating System:
      • Windows 10 Pro 64bit
      • Monitor(s):
      • LG 42LW550T 42" TV
      • Internet:
      • BT Infinity

    Re: Popcorn Time ransomware operates a 'referrals program'

    Quote Originally Posted by Dashers View Post
    Still easy fix, spin up two virtual machines.
    The article states that those two people have to pay up, not just be infected, so that idea won't work.

  10. #10
    Member
    Join Date
    Jul 2007
    Posts
    186
    Thanks
    1
    Thanked
    6 times in 4 posts

    Re: Popcorn Time ransomware operates a 'referrals program'

    Quote Originally Posted by Enverex View Post
    Quote Originally Posted by Dashers View Post
    Still easy fix, spin up two virtual machines.
    The article states that those two people have to pay up, not just be infected, so that idea won't work.
    The lack of reading comprehension here was starting to set me off by the time I got this far in. I don't think there's any ambiguity in how you said it, even though it was already mentioned by someone else above and they carried on regardless.

  11. #11
    Registered+
    Join Date
    Nov 2005
    Location
    Scotland
    Posts
    73
    Thanks
    3
    Thanked
    3 times in 3 posts
    • mikeo's system
      • Motherboard:
      • MSI Z170A Gaming M7
      • CPU:
      • I7 6700k @ 4.4
      • Memory:
      • 16GB Corsair Vengeance LPX 2666
      • Storage:
      • Samsung SM951 NVMe 256GB, EVO 850 500GB, EVO 840 256GB, Vertex 4 256GB, Vertex 2 120GB & 2x F3 1TB
      • Graphics card(s):
      • EVGA 1070 FTW
      • PSU:
      • Corsair HX 750w
      • Case:
      • Lian Li PC-B25F
      • Operating System:
      • Windows 10 x64 (retail)
      • Monitor(s):
      • Dell S2716DG
      • Internet:
      • Xilo/Uno broadband partial LLU via TalkTalk

    Re: Popcorn Time ransomware operates a 'referrals program'

    This is where a good backup strategy comes in handy.
    Live long and prosper.

  12. #12
    Senior Member
    Join Date
    Mar 2009
    Location
    Manchester
    Posts
    1,043
    Thanks
    18
    Thanked
    47 times in 39 posts
    • Percy1983's system
      • Motherboard:
      • ASRock Z77 Extreme 4
      • CPU:
      • Intel 3570k (4.5ghz) + Cooler Master Nepton 140XL
      • Memory:
      • 16GB (4x4GB Crucial Tactical DDR3 1866mhz)
      • Storage:
      • 250GB Samsung 850 evo + 2x2TB Seagate 7200.14 in raid 0 with 64gb Crucial M4 Cache + 2TB Storage
      • Graphics card(s):
      • 4Gb AMD 290x @ 1110/1500 (Asus Direct Cu II) x2 Crossfire
      • PSU:
      • 875w Thermaltake Toughpower XT
      • Case:
      • Thermaltake Level 10 GT Snow Edition
      • Operating System:
      • Windows 10 Pro 64bit
      • Monitor(s):
      • 24" Acer UHD x2 and 55" UHD LG 3D
      • Internet:
      • Talk Talk!

    Re: Popcorn Time ransomware operates a 'referrals program'

    I doubt I will fall victim to one of these but if I do it's just the format and restore backup.

    I run my backup daily at busy times with my business, past that just when needed.

    I don't back up my Steam library so that would be one hell of a download.

  13. #13
    Drum & Bass Till I Die deejayburnout's Avatar
    Join Date
    Jun 2012
    Location
    Fife, Kinglassie
    Posts
    1,943
    Thanks
    239
    Thanked
    120 times in 105 posts
    • deejayburnout's system
      • Motherboard:
      • Gigabyte GA-870A-USB3L
      • CPU:
      • AMD FX-6300 @ 4.3GHz with Hyper 212 Evo Cooler
      • Memory:
      • 2 x 4GB Corsair Vengance LP DDR3 1600mhz
      • Storage:
      • 120gb OCZ Vertex 460, 120GB Kingston SV200, 500GB Segate Drive, 2 x 1TB WD Drive, 640GB WD Drive
      • Graphics card(s):
      • Sapphire R9 280x Vapor X
      • PSU:
      • OCZ 750 Watt
      • Case:
      • Sharkoon Green T9
      • Operating System:
      • Windows 8.1 64bit
      • Monitor(s):
      • LG 34UM65-P Ultrawide
      • Internet:
      • 72mb Down 19mb up - Plusnet

    Re: Popcorn Time ransomware operates a 'referrals program'

    That's nasty. Thank goodness my important files are in the cloud.
    Better to Burn out than Fade Away

  14. #14
    I really don't care
    Join Date
    Jun 2016
    Posts
    504
    Thanks
    10
    Thanked
    62 times in 50 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • Corsair DDR4 2800 Quad
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 850 EVO; RAID-0 x2 WD Black
      • Graphics card(s):
      • EVGA GeForce GTX 970 x2 SLI
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • x2 23.5" 1080 72Hz OC
      • Internet:
      • Zen FTTC

    Re: Popcorn Time ransomware operates a 'referrals program'

    Quote Originally Posted by Enverex View Post
    The article states that those two people have to pay up, not just be infected, so that idea won't work.
    My mistake, I didn't clock that before I commented.

  15. #15
    I really don't care
    Join Date
    Jun 2016
    Posts
    504
    Thanks
    10
    Thanked
    62 times in 50 posts
    • Dashers's system
      • Motherboard:
      • Gigabyte GA-X99-UD4
      • CPU:
      • Intel i7-5930K
      • Memory:
      • Corsair DDR4 2800 Quad
      • Storage:
      • Intel 750 PCIe SSD; RAID-0 x2 Samsung 850 EVO; RAID-0 x2 WD Black
      • Graphics card(s):
      • EVGA GeForce GTX 970 x2 SLI
      • PSU:
      • CoolerMaster Silent Pro M2 720W
      • Case:
      • Corsair 500R
      • Operating System:
      • Windows 10
      • Monitor(s):
      • x2 23.5" 1080 72Hz OC
      • Internet:
      • Zen FTTC

    Re: Popcorn Time ransomware operates a 'referrals program'

    For more practical advice:

    Use a NAS for anything you want to keep. As you connect to your files on a NAS via a file-level protocol and not a block-level protocol, it can only encrypt the files and not the underlying disk. Still a problem, but that can be addressed with a snapshotting file system like btrfs. This will create a read-only snapshot of your file system at regular intervals. Somebody encrypts your files? Not a problem, just switch to the snapshot from an hour ago.

    Snapshots work by freezing the disk where it is and then any future changes are made as a "delta" to the last snapshot. This means you're not taking up significantly more disk space for each snapshot (indeed, if nothing has changed, there is effectively no increase in size).

    Of course Windows does support this concept with file-history or VSS, but there is a risk that one of these viruses encrypts at block-level as it could have local admin access.

    And of course - create a disconnected backup.

    Personally, I back up all my documents and mail etc to a family member's NAS over a VPN, and I periodically put all my photos onto an encrypted external drive and store in a locked drawer at work.

    If my house was wiped out, I'd need whatever hardware, re-download any software (as most stuff is key based, that's backed up) and rebuild, and re-rip/download any media. It would be a right PITA, but I will still have my data.
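
Added example (not part of Dashers's post): a sketch of the hourly read-only btrfs snapshot routine described in post #15, with retention pruning and a helper that picks the last snapshot taken before files were encrypted. The paths, the `share-` name prefix and the retention count are assumptions for illustration.

```shell
#!/bin/sh
# Added example: read-only btrfs snapshots of a NAS share, run on the NAS itself.
# SRC, DEST, KEEP and the "share-" prefix are assumed values, not from the thread.
SRC="${SRC:-/srv/share}"          # assumed: btrfs subvolume exported to clients
DEST="${DEST:-/srv/.snapshots}"   # assumed: directory on the same btrfs filesystem
KEEP="${KEEP:-48}"                # snapshots to retain (48 hourly = two days)

# UTC timestamps in this format sort lexically in chronological order.
snapshot_name() {
    date -u +"share-%Y%m%dT%H%M%SZ"
}

# stdin: snapshot names. stdout: every name except the newest $1 (those to delete).
snapshots_to_prune() {
    sort | awk -v keep="$1" '{ a[NR] = $0 }
        END { for (i = 1; i <= NR - keep; i++) print a[i] }'
}

# stdin: snapshot names. stdout: newest snapshot strictly older than timestamp $1,
# i.e. the restore point just before the files were tampered with.
snapshot_before() {
    sort | awk -v cut="share-$1" '$0 < cut { last = $0 }
        END { if (last != "") print last }'
}

take_snapshot() {
    # -r makes the snapshot read-only; it lives outside the exported share,
    # so a client writing over SMB/NFS cannot reach or modify it.
    btrfs subvolume snapshot -r "$SRC" "$DEST/$(snapshot_name)"
}

prune_snapshots() {
    ls -1 "$DEST" | grep '^share-' | snapshots_to_prune "$KEEP" |
    while IFS= read -r name; do
        btrfs subvolume delete "$DEST/$name"
    done
}

# Only touch the filesystem when invoked as "<script> run" (e.g. from hourly cron).
if [ "${1:-}" = "run" ]; then
    set -eu
    take_snapshot
    prune_snapshots
fi
```

Keep `DEST` outside any exported path: the snapshots protect the data only if the machine that gets infected has no way to delete them.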

  16. #16
    Senior Member
    Join Date
    Jul 2013
    Location
    Dorset
    Posts
    340
    Thanks
    3
    Thanked
    11 times in 10 posts
    • LeetyMcLeet's system
      • Motherboard:
      • Gigabyte Z77X-UD5H
      • CPU:
      • Intel Core i7 3770K @ 4.4GHz
      • Memory:
      • 16GB (4x4GB) Corsair Vengeance LP 1600MHz
      • Storage:
      • 250GB Sammy 840 Evo (OS), 500GB Sammy 850 Evo (Games) and 4 x 2TB HDD's (Pr0n)
      • Graphics card(s):
      • 2x GTX 670 2GB (Gigabyte WF3 Overclocked)
      • PSU:
      • beQuiet! SP 680W
      • Case:
      • Fractal Design R4 (Black)
      • Operating System:
      • Windows 10 Pro x64
      • Monitor(s):
      • ASUS IPS
      • Internet:
      • BT Infinity Business (80/20 FTTC)

    Re: Popcorn Time ransomware operates a 'referrals program'

    I had a couple of customers caught out by this kind of ransomware. Really nasty stuff. It was 256-bit encrypted and you couldn't track where the payment went as they basically used the TOR Network as a 'host'. Clever, but evil.
