A new ransomware variant introduces a twist into the malware by offering users a free decryption key, but only if they successfully infect two others and force them to pay up.
The malware, called Popcorn Time, offers users two ways to unlock their files, the “easy way”, by paying 1 Bitcoin (about £620), or the “nasty way”, by sending a “referral link” to other computers.
If two others pay a ransom as a result of the referral, the original victim will be sent a free decryption key, according to the instructions displayed by the malware.
The program isn’t related to the video-streaming application of the same name, according to computer security researchers MalwareHunterTeam.
The malware’s source code indicates that it contains a feature that begins deleting users’ files if the wrong key is entered four times, although the feature hasn’t yet been enabled, according to IT education site Bleeping Computer, which earlier disclosed MalwareHunterTeam’s research.
The malware is still under development, according to MalwareHunterTeam, and currently targets files in the My Documents, My Pictures, My Music, and desktop folders.
Files are encrypted using the AES-256 algorithm, with a .filock extension appended to the filename.
Researchers have reported a sharp rise in malware infections this year, with some reporting a large proportion of those who pay didn’t receive a decryption key.
Kaspersky Lab said infections of enterprises rose threefold between the first and third quarters of this year, attaining a rate of one infection every 40 seconds.
“The classic ‘affiliate’ business model appears to be working as effectively for ransomware as it does for other types of malware,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. “Victims often pay up so money keeps flowing through the system. Inevitably this has led to us seeing new cryptors appear almost daily.”
The company found 20 percent of small businesses who paid a ransom didn’t have access restored.
Trend Micro also surveyed businesses who paid ransoms and found the same proportion did not receive a decryption key.
Trend said new ransomware families grew by four times from January to September 2016 and predicted the figure would grow by another 25 percent in the coming year.
Do you know all about security in 2016? Try our quiz!
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…