Exotic Ransomware: Flirting with security researchers

A new ransomware named Exotic appeared last week and went from version 1.0 to 3.0 within two days, because its author, a German developer known as EvilTwin, or Exotic Squad, wants to impress security researchers with his "work of art".


This is a run-of-the-mill ransomware that locks the victim's files and presents a note demanding a ransom to unlock the data.

According to MalwareHunterTeam, this malware is not the most advanced to have been released in recent months. Exotic is not a threat, at least as of this writing. According to many researchers and its author, the ransomware is still a work in progress.

MalwareHunterTeam discovered version 1.0 of Exotic on October 12 and started sharing information about it with other security researchers through Twitter. As usual, the malware's behaviour was recorded in a video to inform others. To everyone's surprise, the ransomware's author contacted the researcher, thanked him for the time he took to demonstrate his "work" and make the video, and also asked to be friends on Skype (!!!). This conversation surprised everyone, as malware writers usually do everything possible to avoid security researchers and prying eyes, especially ransomware analysts, who try to "break" the encryption algorithms and so disrupt their operations.

The researchers found Exotic 2.0 and 3.0 over the next two days, but with little change. As for the ransomware's technical details, it encrypts files with the AES-128 algorithm and demands a $50 ransom in Bitcoin. After encryption, the user's files are given random names and all carry the ".exotic" extension.

Exotic 1.0 is easy to identify because it uses an image of Hitler, perhaps inspired by the Hitler ransomware that appeared in early August. In the other two versions the author changed the image and used a simple lock screen inspired by the Jigsaw ransomware.

Below is a video by Serbian security researcher GrujaRS that shows Exotic 3.0 in action and how it infects and locks a computer.
