This is a ransomware that challenges ethics: pay the ransom or infect two friends - virus, ransomware - IT news

Published 2016/12/14 9:50:56

According to the tech blog WIRED, malware researchers from MalwareHunterTeam have found a new ransomware family on the dark web called PopcornTime, and its source code has also been disclosed there. A few things you should know about this ransomware:

1. You have 7 days to choose: either pay the ransom to unlock your data, or infect two other users and be exempted from paying.

Infecting virtual machines does no good, of course. The condition is that the two other infected people actually pay, so infecting only VMs is pointless.

Once the two infected users have paid the ransom, the user who dragged them into the propagation chain, the spreader, receives a free decryption key.

2. Once infected, if you enter the wrong decryption password four times, all encrypted files are deleted immediately. Feels like defusing a bomb in a movie, except there they at least give you a red wire and a green wire to choose from! For anyone handling an infected machine this is the practical consequence: image the disk and preserve the encrypted files before anyone touches the unlock prompt, because guessing at the password is not an option.

3. The software's makers claim to be computer science students from the Syrian Republic who are suffering from the damage of the war, and say the ransom collected will be used to aid victims of the war in Syria.

4. The software is still in an "immature" state of development.

The first to discover this new form of ransomware attack, Bleeping Computer founder Lawrence Abrams, named it Popcorn Time. On December 9, Abrams said that so far Popcorn Time had not been seen used widely by malicious attackers.

Abrams said in a media interview:

The choice PopcornTime offers infected users is extraordinary, and also criminal in nature; some users may well choose to spread this ransomware in order to get a free decryption key. I have never seen ransomware like this before, and perhaps it is a new trend in ransomware development.

The ransomware uses AES-256 as its encryption algorithm and can encrypt more than 500 file types. After a user's files are encrypted, PopcornTime appends the suffix ".filock" or ".kok" to the encrypted file's name. The ransomware was updated just this week, adding support for a large number of new file formats.
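The renamed suffixes are the one concrete indicator the article gives, so a responder's first question on an alert is usually "which files and which directories carry them?" The following script is an added example, not code from the article or from the PopcornTime authors: it walks a directory tree and flags files whose names end in the ".filock" or ".kok" suffix the article reports, then counts hits per directory so the tree where encryption ran stands out. The sample files it creates in a temporary directory are constructed for the demo; the suffix list is the article's, everything else (function names, the per-directory summary) is this example's own assumption.

```python
"""Added example (not from the article): flag files that carry the suffixes
the article attributes to PopcornTime (".filock", ".kok"), the way a
responder might triage a file share after an alert.

The suffix list comes from the article; the sample paths built by _demo()
are constructed here and are not real evidence.
"""
import os
import tempfile
from collections import Counter

# Suffixes the article reports PopcornTime appending to encrypted files.
POPCORN_SUFFIXES = (".filock", ".kok")


def is_suspect(path: str) -> bool:
    """True if the file name ends in one of the reported suffixes (case-insensitive).

    The original extension stays in front of the appended suffix
    (e.g. "report.docx.filock"), so only the final suffix is checked.
    """
    name = os.path.basename(path).lower()
    return name.endswith(POPCORN_SUFFIXES)


def flag_suspect_paths(paths):
    """Return the subset of paths whose names look ransomware-renamed, in order."""
    return [p for p in paths if is_suspect(p)]


def summarize_by_directory(paths):
    """Count suspect files per directory; a high count in one tree is a strong
    hint about which host or share the encryption actually ran on."""
    return Counter(os.path.dirname(p) for p in flag_suspect_paths(paths))


def scan_tree(root: str):
    """Walk a directory tree and return (suspect_paths, per_directory_counts).

    Symlinks are not followed, so a planted link cannot steer the scan
    outside the tree being triaged."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if is_suspect(full):
                found.append(full)
    return found, summarize_by_directory(found)


def _demo():
    """Build a constructed sample tree, scan it, and return the flagged names."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        # Constructed sample: two encrypted-looking files, one untouched file,
        # and one whose original extension merely resembles a suffix.
        for name in ("budget.xlsx.filock", "photo.jpg.kok", "readme.txt", "notes.kokoro"):
            with open(os.path.join(docs, name), "wb") as fh:
                fh.write(b"\x00" * 16)
        suspects, per_dir = scan_tree(root)
        print("suspect files:", [os.path.basename(p) for p in suspects])
        print("per directory:", dict(per_dir))
        return sorted(os.path.basename(p) for p in suspects)


if __name__ == "__main__":
    _demo()
```

An extension match is a triage aid, not a detection you can rely on: the article itself notes the tool is still being developed, and renaming is trivial for its operators to change, so treat a hit as a reason to pull the host for imaging rather than as the only signal worth watching.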

Based on analysis of the source code, the ransomware is not finished and many features are incomplete. For example, the most important piece, the communication function, is not done: there is a Tor-based server in the code, but it is not yet online.

5. The preventive measures you can take: back up your files and avoid suspicious downloads.

Same old rules: don't let curiosity get the better of you and click on possibly malicious links and emails; back up your files; beware of phishing.

What is not yet known is how this ransomware tricks users into installing it. If someone really chooses to spread it to friends, would they send an installer package or a link? Is it spreading to China only a matter of time? What is known at present is that it has not yet spread domestically.






