Friday, December 09, 2016

Ransomware help to remove ransomware

Infected with ransomware? Want to get it removed for free?


Yes, this new technique has been employed by cyber criminals in the latest ransomware threat, dubbed Popcorn Time.

According to MalwareHunterTeam, the new Popcorn Time ransomware has been designed to give victims a criminal way of getting a free decryption key for their encrypted files and folders.
What's even worse? The victims are encouraged to pay the ransom of 1 Bitcoin (~$750) within seven days to receive decryption keys stored on a remote server owned by Popcorn Time's developers.



Here's How the Popcorn Time Ransomware Threat Works:


Once infected, the Popcorn Time Ransomware will check to see if the ransomware has been run already on the PC. If yes, the ransomware will terminate itself.

If not, the Popcorn Time Ransomware will either download various images to use as backgrounds or start encrypting the files using AES-256 encryption. The encrypted files will have the ".filock" or ".kok" extension appended to them.

While encrypting the data, the ransomware will display a fake screen that pretends to be the installation of the program.

As soon as the encryption is finished, it will convert two base64 strings, save them as ransom notes known as restore_your_files.html and restore_your_files.txt, and then automatically display the HTML ransom note asking for 1 Bitcoin.
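
The file extensions and ransom note names described above can be used for a quick triage of a suspect machine. The following is an added example, not code from the original post or from the ransomware; the function names and the sample directory layout are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text above.
ENCRYPTED_EXTENSIONS = (".filock", ".kok")
RANSOM_NOTES = {"restore_your_files.html", "restore_your_files.txt"}


def scan_tree(root):
    """Walk root and return (notes, encrypted) lists of matching paths."""
    notes, encrypted = [], []
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lowered = name.lower()
            path = os.path.join(dirpath, name)
            if lowered in RANSOM_NOTES:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_EXTENSIONS):
                encrypted.append(path)
    return notes, encrypted


def summarize(root):
    """Return a triage summary (hypothetical helper): what was hit and where."""
    notes, encrypted = scan_tree(root)
    per_dir = Counter(os.path.dirname(p) for p in encrypted)
    return {
        "ransom_notes": sorted(notes),
        "encrypted_count": len(encrypted),
        "affected_dirs": dict(per_dir),
        # Either indicator alone can be a false positive; both together are a strong signal.
        "likely_infected": bool(notes) and bool(encrypted),
    }


def build_constructed_sample(root):
    """Create a constructed directory of empty files for demonstration only."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name in ("report.docx.filock", "photo.jpg.kok", "notes.txt",
                 "restore_your_files.html"):
        open(os.path.join(docs, name), "w").close()
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(summarize(tmp))
```

Point `summarize()` at a user profile or a mounted disk image; the per-directory counts show which locations to restore from backup first.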

Want a Free Decryption Key? Infect Two More People


The Popcorn Time author provides a "nasty way" for a victim to get the free decryption key: spread the ransomware to two other people via the victim's "referral" link.

If those two infected victims pay the ransom, then the first victim will supposedly get a free decryption key.

To make this possible, the ransom note contains a URL pointing to a file located on Popcorn Time's Tor server.




Enter the Wrong Decryption Key 4 Times and You Are Screwed!


When executed, the Popcorn Time ransomware will display a lock screen filled in with various information relating to the victim's particular installation.

The victim will also find a field where he/she can enter the decryption key given to them by the attacker after paying the ransom.

The source code for Popcorn Time contains a function suggesting that the ransomware may delete files if the victim enters the wrong decryption code four times.

Since the Popcorn Time ransomware is still under development at the time of writing, many things are unclear and may change with time.
