A new ransomware named Exotic appeared last week, and within two days it went from version 1.0 to 3.0 because its author, a German developer known as EvilTwin, or Exotic Squad, wants to impress security researchers with his "work of art".
This is a run-of-the-mill ransomware that locks the victim's files and presents a note asking for a ransom to unlock the data.
According to MalwareHunterTeam, the malware in question is not the most advanced compared to what has been released in recent months. Exotic is not a threat, at least as of the time this article was written. According to many researchers and its maker, the ransomware is still a work in progress.
MalwareHunterTeam discovered version 1.0 of Exotic on October 12 and began sharing information with other security researchers via Twitter. As usual, the malware's behavior was recorded in a video to inform others. To everyone's surprise, the ransomware author contacted the researcher, thanked him for the time it took to demonstrate his "work" and make the video, and also wanted to add him as a friend on Skype (!!!). This conversation surprised everyone, given that malware authors usually do everything possible to avoid security researchers and their prying eyes, especially ransomware analysts, who try to "break" the encryption algorithms, ruining their operations.
The researchers found Exotic 2.0 and 3.0 over the next two days, but these versions contained few changes. As for the technical details, the ransomware encrypts files with the AES-128 algorithm and demands a ransom of $50 in Bitcoin. After encryption, the user's files are given random names and all carry the ".exotic" extension.
The Exotic 1.0 ransomware is easy to identify because it uses an image of Hitler as the background of the ransom note, perhaps inspired by the Hitler ransomware that appeared at the beginning of August. In the other two versions the author changed the image and used a simple lock screen inspired by the Jigsaw ransomware.
Below is a video by Serbian security researcher GrujaRS that shows Exotic 3.0 in action and how it infects and locks a computer.
https://www.youtube.com/watch?v=0f6yzxTI_Bc