Popcorn Time Ransomware

Popcorn Time Ransomware Overview
Security experts detected a new malware threat known as the Popcorn Time ransomware. At the time of its discovery it was still in development.

Upon infection, the virus not only encrypts target data and extorts the victim but also prevents ordinary computer use by installing a screenlocker.

Popcorn Time Ransomware Note
There are several samples, and each of them has a slightly different ransom note.

First example:

"Warning Message!!"
"We are sorry to say that your computer and your files have been encrypted,"
"but wait, don’t worry. There is a way that you can restore your computer and all of your files"
"06 Days 23:59:09 Hours"
"When countdown ends your files will be lost forever"
"You must send at least [BAMOUNT] Bitcoin to our wallet and you will get your files back"
"Your personal unique ID: [UID] Send [BAMOUNT] BTC to this address: [WADDRESSS]"
"After you’ve made the payment, you will get a code, please insert it here:"
"……………… [Decrypt]"

Second example:

"Restoring your files – The fast and easy way"
"To get your files fast, please transfer 1.0 Bitcoin to our wallet address"
"1LeiPgvh6S9VEXWV2dZTytSRd7e9B1bWt3. When we will get the money, we will"
"immediately give you your private decryption key. Payment should be confirmed in about"
"2 hours after payment made."
"What we did?"
"We had encrypted all of your important images,"
"documents, videos and all other files on your computer."
"We used a very strong encryption algorithm that used by"
"all governments all over the world (Encryption – Wikipedia)."
"We store your personal decryption code to"
"your files on our servers and we are the only ones that"
"can decrypt your files. Please don’t try to be smart,"
"anything other than payment will cause damage to your"
"files and the files will be lost forever!!!"
"If you will not pay for the next 7 days, the decryption"
"key will be deleted and your files will be lost forever."
"Restoring your files – The nasty way"
"Send the link below to other people, if two or more people will install this file and pay, we"
"will decrypt your files for free."
"https://3hnuhydu4pd247qb.onion.to/r/0e72bfe849c71dec4a867fe60c78ffa5"
"Why we do that?"
"We are a group of computer science students from Syria, as you probably know Syria is having bad"
"time for the last 5 years. Since 2011 we have more the half million people died and over 5 million"
"refugees. Each part of our team has lost a dear member from his family. I personally have lost both"
"my parents and my little sister in 2015. The sad part of this war is that all the parts keep fighting but"
"eventually we the poor and simple people suffer and watching our family and friends die each day."
"The world remained silent and no one helping us so we decided to take an action. (Syria War in"
"Wikipedia)"
"Be perfectly sure that all the money that we get goes to food, medicine, shelter to our people."
"We are extremely sorry that we forcing you to pay but that’s the only way that we can keep living."

Popcorn Time Ransomware Distribution
The Popcorn Time ransomware samples were not collected from live attacks, and according to the initial security analysis the virus was still under development at the time of discovery.

However, we presume that infection sources include the typical spam email campaigns, exploit kit attacks, browser hijackers, etc.

Popcorn Time Ransomware Removal
In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.