Ransomware, a malicious program that locks all the files on your computer, is on the rise these days. Cyber criminals have made ransomware more advanced and dangerous. As the name suggests, ransomware encrypts each and every file on the computer and asks the victim to pay a ransom in exchange for the decryption key needed to recover the files on the infected computer.
This time it has adopted one of its nastiest methods. It uses the name of a TV and movie streaming application, Popcorn Time. When the user installs this program, it shows a fake “Downloading and installing” message. While that message is on screen, it secretly encrypts all your pictures, files and videos using the AES-256 encryption algorithm. This encryption algorithm is used by governments across the world.
After encrypting the files on the computer, the ransomware adds the .filock extension to every file and pushes victims to either pay the ransom or infect two or more other computers to get a free decryption key to unlock the files. The ransom amount is about $779.50, which is equal to 1 bitcoin. The victim has 7 days to either pay the ransom or infect two other PCs using the referral link provided by the ransomware.
According to security researchers, some computer science students from Syria have claimed responsibility for Popcorn Time. The main purpose of the whole thing is to make some easy money. They state that the money made through ransoms “will be used for food, medicine, and shelter to those in need”, and they also apologize for it.
Another security researcher has found that the ransomware's code is incomplete. He claimed that if the victim enters an incorrect decryption key four times, it will start deleting files from the computer, leaving the victim helpless.
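The .filock renaming described above gives defenders something concrete to watch for. The following is an added example, not code from the original article or from any product: it scans file-event records for a single process writing several .filock files within a short window. The pipe-delimited log format, the process names, the threshold and the window are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RANSOM_EXT = ".filock"          # extension named in the article
THRESHOLD = 3                   # assumed: .filock writes per window before alerting
WINDOW = timedelta(seconds=10)  # assumed sliding-window length

# Constructed sample events: ISO time | pid | process image | operation | path
SAMPLE_EVENTS = """\
2024-01-01T10:00:01|4120|fake_installer.exe|RENAME|C:\\Users\\a\\Pictures\\cat.jpg.filock
2024-01-01T10:00:02|4120|fake_installer.exe|RENAME|C:\\Users\\a\\Documents\\cv.docx.filock
2024-01-01T10:00:02|988|explorer.exe|CREATE|C:\\Users\\a\\Desktop\\notes.txt
2024-01-01T10:00:04|4120|fake_installer.exe|RENAME|C:\\Users\\a\\Videos\\trip.mp4.filock
2024-01-01T10:05:00|2210|backup.exe|CREATE|C:\\Backup\\old.FILOCK
"""

def parse_event(line):
    """Split one pipe-delimited event; return None for malformed lines."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    ts, pid, image, op, path = parts
    try:
        return datetime.fromisoformat(ts), int(pid), image, op, path
    except ValueError:
        return None

def detect_filock_bursts(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {(pid, image): time of first alert} for processes that write
    `threshold` or more .filock files inside one sliding window.
    Assumes events arrive in time order."""
    recent = defaultdict(deque)   # (pid, image) -> times of recent .filock writes
    alerts = {}
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        ts, pid, image, op, path = event
        if op not in ("CREATE", "RENAME") or not path.lower().endswith(RANSOM_EXT):
            continue
        q = recent[(pid, image)]
        q.append(ts)
        while ts - q[0] > window:   # drop writes that fell out of the window
            q.popleft()
        if len(q) >= threshold and (pid, image) not in alerts:
            alerts[(pid, image)] = ts
    return alerts

if __name__ == "__main__":
    for (pid, image), ts in detect_filock_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {ts.isoformat()} pid={pid} image={image}: burst of {RANSOM_EXT} files")
```

A single stray .filock file (the backup.exe line in the sample) does not alert; only a burst from one process does, which is the pattern the fake installer screen is meant to hide.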
The message displayed after infecting the computer is as follows:
What we did?
We had encrypted all your important images, documents, videos and all other files on your computer. We used a very strong encryption algorithm that used by all governments all over the world (Encryption Wikipedia). We store your personal decryption code to your files on our servers and we are the only ones that can decrypt your files. Please don’t try to be smart, anything other than payment will cause damage to your files and the files will be lost forever!!!
If you will not pay for the next 7 days, the decryption key will be deleted and your files will be lost forever.
Why we do that?
We are the group of computer science students from Syria, as you probably know Syria is having bad time for the last 5 years. Since 2011 we have more than half million people died and over 5 million refugees. Each part of our team has lost a dear member from his family. I personally have lost both my parents and my little sister in 2015. The sad part of this war is that all the parts keep fighting but eventually we the poor and simple people suffer and watching our family and friends die each day. The world remained silent and no one helping us so we decided to take an action (Syria War in Wikipedia).
Be perfectly sure that all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we forcing you to pay but that’s the only way that we can keep living.
The only suggestion we can give you now is to keep yourself safe from malicious software. If you get infected by this ransomware, you can install two VirtualBox Windows machines and, by infecting them, get the free decryption key. Feel free to comment.