Syria Gets Involved In Ransomware By Offering Decryption Keys To Victims Who Infect Others

The world of ransomware is constantly evolving, which poses a significant threat to both consumers and security researchers. Criminals are stepping up their game once again in a rather unprecedented way. Infected victims can now receive a free decryption key as long as they infect other people with the same malware. This is taking ransomware-as-a-business to a whole new level.

Ransomware Distributors Up The Ante Again

The emerging ransomware threat has been causing quite a few headaches for both consumers and security researchers all over the world. Not only is the number of different malware strains going up at an alarming pace, but it also becomes harder to decrypt files without paying the ransom. Even though this latter option is no guarantee of getting file access restored, it is, in most cases, the only viable solution.

Internet criminals are well aware of how the malware business is becoming more lucrative than ever before. Earnings from the distribution of ransomware have increased by quite a margin compared to 2015. Additionally, new business models have spawned, including the ransomware-as-a-business option where affiliates are rewarded for infecting people with malware.

As if that were not troublesome enough, criminals have now come up with an even “better” solution. Although claiming as many victims as possible is still of the utmost importance, distributors are now deploying a new tactic to increase the range of their distribution network’s effectiveness. Think of it as a reward-based affiliate scheme, but utterly the wrong kind.




The new scenario works as follows. A new type of ransomware has been discovered, which does all the usual things any other type of malicious software does. Once a user’s files are encrypted, they will need to come up with a way to restore file access. But paying the ransom is no longer the only option offered by criminals.

Instead, users can opt to receive their decryption key free of charge. There is a caveat, however, as they will need to infect other users with the same ransomware first–a very disturbing development, to say the least, and a bigger threat than any other type of ransomware has ever posed.

Thankfully, it appears that the ransomware source code is anything but complete, and no infections have been reported to date. For the time being, it seems to go under the name PopCorn Time (not to be confused with the video content app), although that may be a temporary placeholder. What is of particular concern is how the creators claim to be “computer science students from Syria”. This has not been officially confirmed, though it may indicate that Syria is embracing digital warfare.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.