Popcorn Time…the First Malware Requiring a Moral Compass

Ransomware traditionally has used self-replicating and distributing features written into the malware itself to search out, break into, and infect unsecure devices. The benefits of this are clear…fast and wide malware distribution touching thousands of devices.

Enter stage left, Popcorn Time…the first ransomware, which uses the human victim themselves to find and target additional victims to continue distribution of the malware. The idea is straightforward. When your computer becomes infected, you have four options: 1) Pay the ransom and gain back control of your data, 2) Identify personal contacts you will try to infect in order to have your data released, essentially blackmailing the victim, 3) Call law enforcement for help and hope they have the resources to help, or 4) Do nothing. Looking at these, there are really only two options that will help the victim: Pay out, or provide targets.

This is a game changer as it forces human intervention and moral dilemma to develop calculated targets of contacts they know to be easy victims.

Full popcorn in classic popcorn box

Social Implications

The Social Engineering aspect of this malware is relatively simple: Humans are self-serving and will only look out for themselves. Either you are a “Good Person” and you find a resolution internally (or with law enforcement), or you are an “Evil Person” and send this out to a small list of contacts and further propagate the ransomware. There is no middle ground.

That said, this decision isn’t simply weighted with the original victim’s moral conscious. It has to do with the development and technology laws within the victim’s country, the resources of the business being attacked, and the bandwidth of law enforcement to help, mitigate, and trace the malware to the source.

[You might also like: Social Engineering]

Legal Implications

As I mentioned above, traditional ransomware is self-distributing, and in many cases, has an electronic data trail leading law enforcement back to a Command and Control computer. What if that data trail runs back to a friend or business contact that knowingly targeted you to save their company? Are you at fault for opening a seemingly malicious email? Are they at fault for taking the bait and putting you on that list? Are you at fault for not having advanced malware filters in your environment? If law enforcement doesn’t help you, can you help yourself?

Security professionals need to be right 100% of the time…hackers need to get lucky once. The more hackers can increase their odds of network penetration through human interaction, the more effective they will be.

Will this strategy even work?

These are all questions that will be asked over the coming year. Until we start seeing this propagating, there is no telling what human-directed malware will do.

Part of the effectiveness of these strategies has to do with the deployment of encryption when hijacking and ransoming corporate data. Looking back, encryption has been seen as the “White Knight” protecting sensitive corporate information. Now, those tables have turned. Sun-Tzu stated in the Art of War, “To know your Enemy, you must become your Enemy.” In the case of most ransomware, hackers have used our own encryption techniques against us.

The only thing that is for certain, this is one Popcorn Time you won’t want to share with friends.


Read the 2016–2017 Global Application & Network Security Report by Radware’s Emergency Response Team.

Download Now

Jason Engel

Jason Engel is a Territory Manager specializing in Cyber Security and Application Delivery for Radware, responsible for helping secure companies in the North Central, US. Jason has 13+ years of experience in account management, 6+ years within Finance and 6+ years in the Business Analytics, Business Intelligence, Big Data, Unstructured Data Analysis, Application Delivery, and Cyber Security spaces. In his spare time, Jason is an avid music fan, lover of the outdoors, and sports enthusiast. He has a degree in Business Administration with an emphasis in Information Systems, Operations Management, and Multinational Corporations.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center