A new ransomware named Exotic appeared last week and grew from version 1.0 to 3.0 within two days, as its German programmer, known as EvilTwin or Exotic Squad, wants to impress security researchers with his “work of art”.
It is a run-of-the-mill ransomware that locks victims’ files and presents a message asking for money in order to unlock stolen data.
According to MalwareHunterTeam, this malicious software has nothing to do with anything that has circulated in the past few months. Exotic is not a threat, at least at the time of writing. According to many researchers and its author, this ransomware is still a project in development.
MalwareHunterTeam discovered Exotic version 1.0 on 12 October and started exchanging information with other security researchers via Twitter. A video demonstrating the malicious software in action was created to raise awareness. Surprisingly, the ransomware author contacted the researcher, thanked him for the time spent presenting his «art» and creating a video, and also wanted to add him on Skype (!!!). This conversation surprised everyone, given that malware authors usually do whatever is possible to avoid security researchers and their prying eyes, especially ransomware analysts who try to «break» encryption algorithms.
Researchers discovered Exotic 2.0 and 3.0 during the last two days; the two versions differ only slightly. This ransomware encrypts files with the AES-128 algorithm and requires users to pay $50 in Bitcoin. After encryption, user files are given random names and the extension «.exotic».
The Exotic ransomware can be easily identified, as it uses a picture of Hitler as the background of the message asking for money, maybe inspired by the Hitler ransomware that appeared at the beginning of August. In the two other versions, the author changed the picture and used a simple lock screen inspired by the Jigsaw ransomware.
The video below, created by the Serbian security researcher GrujaRS, demonstrates how Exotic 3.0 works and how it infects and locks a computer.
Find out how to protect yourself and your business from ransomware: http://cyber.aspida.org