Chain letter ransomware: how to hurt enemies

Long before the internet, there were chain letters. Someone just about to become a former friend sent you a letter which you had to send on to several others, for fear of ‘breaking the chain’, and the bad karma that would incur. Some of the more naïve versions contained names and addresses of previous recipients, to whom you had to send money; the claim was that in perpetuating the chain, you too would receive lots of money when others did the same to you.

A similar technique is now being used by the authors of new Windows ransomware to propagate their evil product, according to a report by Lawrence Abrams on BleepingComputer.com. Discovered by MalwareHunterTeam, Popcorn Time offers its victims a choice: they can either pay one bitcoin to receive the key which will decrypt their files, or they can send a Tor link to two or more other people; if two of them pay to receive their encryption keys, then the first victim gets their key free of charge.

The authors of Popcorn Time make no bones about what they are inviting their victims to do: the simple payment option is termed “the fast and easy way”, and that requiring you to infect two others is “the nasty way”. The latter makes even the most vicious of chain letter schemes look positively saintly.

What they lack in morals and humanity these authors attempt to compensate for in game theory and social engineering. In a variant of the Prisoner’s Dilemma game, they recognise that few people don’t have enemies. Given the opportunity to stitch two or more of their enemies up with ransomware, the amoral would see the ‘nasty way’ as both getting back at enemies and saving themselves a bitcoin. Presumably they would care little that in doing so they were in breach of the law – both committing a criminal offence and laying themselves open to claims in respect of damage incurred.

The ‘success’ of Popcorn Time is thus dependent on its appeal to the worst side of human nature. Let’s hope that it flops abysmally.

Those familiar with Dante’s Inferno will recall that, in Dante’s vision of hell, it is divided into a series of circles, rising to the Ninth Circle of treachery, which leads on to the very centre of hell itself. I hear that there is a new construction project to create a tenth circle, reserved for those who write and propagate malware. There’s already a very special place there reserved for the authors of Popcorn Time.

Note: Popcorn Time refers here to this ransomware product, not another product of the same name which downloads and streams copyrighted movies, although that doesn’t exactly sound like an innocent bystander.