A new strain of ransomware is using a referral programme of sorts to trick users into spreading the malicious software.

Discovered by MalwareHunterTeam, the ransomware is known as Popcorn Time (no relation to the app that let’s you stream copyright movies illegally) and those hit with infection can either pay up or send a malicious link to two friends and hope they’re more prone to paying up.

For the sake of guarding against this, the link appears to be a spoof of a .onion URL so if you don’t regularly use a dark web browser avoid clicking that link.

If that wasn’t enough to scare you into updating your security software, Bleeping Computer reports that unfinished code in the ransomware might allow the developer to delete all of your data should you enter the incorrect decryption code four times.

Once executed Popcorn Time a message will pop up which reads, “we are sorry to say that your computer and your files have been encrypted, but wait, don’t worry. There is a way that you can restore your computer and all of your files.”

What follows is a countdown timer and an amount you need to pay in bitcoin to the attacker. Once the ransomware has been executed it starts targeting and encrypting files with specific extensions including .bin, .mp3, .doc and many, many more.

Appealing to your humanity

The attackers have also seen it fit to include a message to their victims, seemingly attempting to tug on their heartstrings. “We are a group of computer science students from Syria, as you probably know Syria is having bad time for the last 5 years. Since 2011 we have more the half million people died and over 5 million refugees,” reads a note accompanying the demand to pay 1 bitcoin.

The note also assures victims that the money will be used to buy food, medicine and shelter.

Now, if you happen to have been hit with Popcorn Time and you’re considering sending the software on to a friend, don’t. Aside from the implications on your social life, the folks you send the ransomware along to would need to pay the attackers for you to get your data unlocked for free.

This is – to our knowledge – the first time an instance of ransomware has tried to get victims to spread the malware in hopes of getting their files back. Our advice is to update your security software and approach any links you’re sent that don’t display the URL in full with caution.

[Via – Bleeping Computer] [Image – CC BY SA 2.0 cyclonebill]