There is a new addition to the ransomware trend! MalwareHunterTeam has detected a new ransomware that leaves victims with a dilemma: pay the ransom to the cyber-crook, or infect two additional systems. The ransomware, dubbed Popcorn Time, scans the victim's system and encrypts files with numerous extensions, including picture, document and music files.
What is Popcorn Time Ransomware?
The ransomware shares its name with the BitTorrent client that allowed users to download and stream films. This has been done intentionally to trick users into installing it, by posing as a setup wizard for legitimate software. It should be remembered that the original Popcorn Time was shut down due to a series of DDoS attacks; moreover, there were reports stating that Popcorn Time variants (the BitTorrent client) have reappeared under multiple domain names.
How does it work?
Once executed, it first checks whether the ransomware has already run on the system by checking the files in Application Data (AppData). Any software installed on the Windows operating system creates its own folder in AppData and stores information there. If the file is already present, the ransomware terminates itself.
Otherwise, the ransomware initiates the encryption of files. Popcorn Time ransomware uses AES encryption and encrypts .xlsm, .syncdb, .pptm, .doc and .mdbackup files. The .filock extension is appended to the name of every encrypted file. After encryption has completed successfully, it displays a note encouraging victims to pay a ransom of one Bitcoin, which can be paid within a week.
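The appended .filock extension gives responders a simple way to scope the damage. The following is an added example, not part of the original article or of any eScan product: it counts marked files per folder and per original extension so the right folders can be restored from backup. The function names and the sample paths are assumptions made for illustration.

```python
import os
from collections import Counter
from pathlib import PureWindowsPath  # parses Windows paths on any OS

MARKER = ".filock"  # extension the article says is appended to encrypted files

def original_name(path):
    """Return the pre-encryption file name, or None if the marker is absent."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != MARKER:
        return None
    return p.stem  # "budget.xlsm.filock" -> "budget.xlsm"

def triage(paths):
    """Count marked files per folder and per original extension."""
    hits, by_dir, by_ext = [], Counter(), Counter()
    for path in paths:
        name = original_name(path)
        if name is None:
            continue
        hits.append(path)
        by_dir[str(PureWindowsPath(path).parent)] += 1
        by_ext[PureWindowsPath(name).suffix.lower() or "(none)"] += 1
    return {"hits": hits, "by_dir": by_dir, "by_ext": by_ext}

def walk(root):
    """Yield every file path under root; read-only, nothing is modified."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsm.filock",
    r"C:\Users\alice\Documents\slides.pptm.FILOCK",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\report.doc.filock",
    r"C:\Users\alice\Pictures\filock.doc",
]

if __name__ == "__main__":
    report = triage(SAMPLE)  # on a real host: triage(walk(r"C:\Users"))
    print(len(report["hits"]), "files carry the", MARKER, "marker")
    for folder, n in report["by_dir"].most_common():
        print(f"  {n:4d}  {folder}")
    for ext, n in report["by_ext"].most_common():
        print(f"  {n:4d}  {ext}")
```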
What makes it peculiar?
As an alternative to paying, victims are asked to pass a malicious link on to any two people so that their systems are infected. The malicious link downloads the ransomware onto their systems. If at least two of these other people pay the ransom, the victim's files are decrypted free of charge.
How to Safeguard?
- Make use of eScan products, which combat the threat of ransomware with their PBAE technology.
- Always download apps from their official website or the Google Play Store instead of unknown sources, because many app stores are still offering the app.
- Download applications from reliable app developers and check the user ratings and reviews of the apps before downloading.
- Ensure that all the software installed on your system is updated frequently, including Oracle Java and Adobe.
- Implement a three-dimensional security policy in your organization: first, understand your requirements, based on which the IT security policy will be prepared; second, educate your staff about the policy; and finally, enforce the policy.
- Make sure you either implement MailScan at the gateway level or enable Mail Anti-Virus on endpoints in order to block attachments with extensions such as *.EXE, *.SCR, *.JS, *.VBE etc. These attachments would infect your system.
- Open emails only if you are positive about the source.
- Regularly create backups of your important files.