A ransomware program presents victims with an uncomfortable decision: if you don’t want all of your files deleted, give the hackers money or infect a friend.
Like many ransomware programs, “Popcorn Time” encrypts its victims files and requests a Bitcoin ransom in return for the files to be saved. Unlike other malicious programs, however, it is seeking to pit friends and colleagues against each other, using a referral link feature that allows you to put the burden onto someone else.
“In a move that we have not seen with any other ransomware, the ransomware developer offers a ‘nasty way’ for a victim to get a free decryption key by having them help to spread the ransomware,” explains Bleeping Computer. “If two people become infected via the victim’s ‘referral link’ and pay the ransom, then the victim will supposedly get a free key.”
Enter the wrong key four times, however, and your files will be deleted by the program.
In the ransom note that is launched on a victim’s screen, the culprits explain their bizarre reasoning for the malicious program under the header, “Why we do that?”
“We are a group of computer science students from Syria, as you probably know Syria is having bad time for the last 5 years,” explain the hackers. “Since 2011 we have more the half million people died and over 5 million refugees.”
“Each part of our team has lost a dear member from his family. I personally have lost both my parents and my little sister in 2015,” the note continues. “The sad part of this war is that all the parts keep fighting but eventually we the poor and simple people suffer and watching our family and friends die each day. The world remained silent and no one helping us so we decided to take action.”
The hackers claim that money extorted from victims will go to food, medicine, and shelter for Syrian people, adding, “We are extremely sorry that we are forcing you to pay but that’s the only way that we can keep living.”
The ransomware is not affiliated with the pirated movie streaming site “Popcorn Time,” though it is likely an attempt to masquerade under the popular streaming service’s name.
Charlie Nash is a reporter for Breitbart Tech. You can follow him on Twitter @MrNashington or like his page at Facebook.