June 8, 2017 by

Ransomware Doubles as Ponzi Scheme in Malicious Attack

Researchers have discovered a new type of ransomware that turns victims into attackers in a pyramid scheme devised by hackers to widen the spread of the malware.

Dubbed the ‘Popcorn Time’ ransomware, victims of the strain were given a choice. Pay the ransom of 1 bitcoin. Or, infect two new people on behalf of the attackers. In return, the attackers would consider allowing the first victim to regain access to the computer.

As reported by the New York Times, the attack was discovered by researchers in late 2016 and is now seen as the first Ponzi scheme ransomware attack. In other words, the first ever attempt to turn victims into attackers who entrap other victims in a pyramid scheme from the top down. According to Mikko Hypponen, chief of research at security firm F-Secure, the pyramid ransomware model could be copied if it proves successful.

He stated:

These networks all watch each other and learn. When a new model works, it quickly grows as others build on it.

Researchers are still, to this day, monitoring if this particular model of ransomware is catching on. The executive added that the recent unprecedented ransomware attack led by WannaCry, was largely a failure. The attack “became too public, too visible and it made almost no money,” Hypponen stated, pointing to its success in the mainstream eye leading to its own downfall.

The combination of ransomware and worm-like malware is still undoubtedly one of the most fearsome, destructive cyberthreats.

“This was a good idea, to combine the two processes together,” said Hypponen, pointing to ransomware’s spread through a network of systems, infecting one computer after another. Created by Cornell graduate student Robert Morris in 1988, the first ‘worm’ was born out of curiosity by a researcher. Computer worms have since become the means to carrying out sweeping rabid cyberattacks.

The executive added that other cybercriminal groups are sure to be paying attention and developing new and ‘novel’ forms of ransomware in the future.

He claimed:

Other groups are watching this, and we are going to see other versions of this, better versions, soon.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.