New computer virus prompts you to infect others to save yourself

A new ransomware that bears a striking similarity to dystopian sci-fi tropes is making the rounds.

In news that is sure to have Charlie Brooker Ctrl+C-ing and Ctrl+V-ing his way through the next series of Black Mirror, security researchers have discovered a new ransomware that allows users to free their machine if they pass on the malware to others.

Dubbed “Popcorn Time”, the ransomware locks your computer files until you pay one bitcoin (currently worth £617) or, in a dystopian twist, pass the virus on to two other people. If those two others become infected and pay the fee, you will then be given a decryption key to unlock your files.

The former method has been dubbed "The fast and easy way", with the latter labelled "The nasty way" by the malware's developers. 

The ransomware was discovered by security researchers MalwareHunterTeam last week. According to screenshots from the team, those behind the ransomware claim to be a “group of computer students from Syria” and allege that the money will be used to help those affected by the Syrian war.

It is unclear whether there is any truth in this claim or this is simply another strange ploy. The idea that hackers could turn humans against each other is a dystopian trope that occurs repeatedly in fiction, most recently in the upcoming horror film The Belko Experiment.

The malware also bears striking resemblance to the plot of a season three episode of Black Mirror, “Shut Up and Dance.” In this episode (spoilers ahead), hackers infect people with malware that records them doing illicit or illegal activities, and then ask their victims to steal money and even kill others to save their own skin.

Despite being a common trope in fiction, however, this type of ransomware is a relatively new reality. Referral marketing – whereby a customer benefits by passing on a service to others – has gained new popularity with firms such as Uber, but this is one of the first times it has been used for nefarious purposes.

As of yet, it is unclear how many victims have been infected and the malware is currently still being developed. According to Bleeping Computer, the code also indicates that the ransomware may delete a victim’s files permanently if they enter the wrong decryption code four times.

In the meantime it is worth noting that you should always back up your files and never click unknown links. “Popcorn Time” also has nothing to do with the torrenting service of the same name. 

Amelia Tait is a technology and digital culture writer at the New Statesman.

Marcus Hutchins: What we know so far about the arrest of the hero hacker

The 23-year-old who stopped the WannaCry malware which attacked the NHS has been arrested in the US.

In May, Marcus Hutchins - who goes by the online name Malware Tech - became a national hero after "accidentally" discovering a way to stop the WannaCry virus that had paralysed parts of the NHS.

Now, the 23-year-old darling of cyber security is facing charges of cyber crime following a bizarre turn of events that has left many baffled. So what do we know about his indictment?


Hutchins, from Ilfracombe in Devon, was reportedly arrested by the FBI in Las Vegas on Wednesday before travelling back from cyber security conferences Black Hat and Def Con.

He is now due to appear in court in Las Vegas later today after being accused of involvement with a piece of malware used to access people's bank accounts.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," said the US Department of Justice.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."

His court appearance comes after he was arraigned in Las Vegas yesterday. He made no statement beyond a series of one-word answers to basic questions from the judge, the Guardian reports. A public defender said Hutchins had no criminal history and had previously cooperated with federal authorities. 

The malware

Kronos, a so-called Trojan, is a kind of malware that disguises itself as legitimate software while harvesting unsuspecting victims' online banking login details and other financial data.

It emerged in July 2014 on a Russian underground forum, where it was advertised for $7,000 (£5,330), a relatively high figure at the time, according to the BBC.

Shortly after it made the news, a video demonstrating the malware was posted to YouTube allegedly by Hutchins' co-defendant, who has not been named. Hutchins later tweeted: "Anyone got a kronos sample."

His mum, Janet Hutchins, told the Press Association it is "hugely unlikely" he was involved because he spent "enormous amounts of time" fighting attacks.


Meanwhile Ryan Kalember, a security researcher from Proofpoint, told the Guardian that the actions of researchers investigating malware may sometimes look criminal.

“This could very easily be the FBI mistaking legitimate research activity with being in control of Kronos infrastructure,” said Kalember. “Lots of researchers like to log in to crimeware tools and interfaces and play around.”

The indictment alleges that Hutchins created and sold Kronos on internet forums including the AlphaBay dark web market, which was shut down last month.

“Sometimes you have to at least pretend to be selling something interesting to get people to trust you,” added Kalember. “It’s not an uncommon thing for researchers to do and I don’t know if the FBI could tell the difference.”

It's a sentiment echoed by US cyber-attorney Tor Ekeland, who told Radio 4's Today Programme: "I can think of a number of examples of legitimate software that would potentially be a felony under this theory of prosecution."

Hutchins could face 40 years in jail if found guilty, Ekeland said, but he added that no victims had been named.

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics.

Oscar Williams is editor of the New Statesman's sister site NS Tech.