Exotic Ransomware: Flirting with security researchers

A new ransomware named Exotic appeared last week, and within two days it went from version 1.0 to 3.0 because its author, a German developer known as EvilTwin or Exotic Squad, wants to impress security researchers with his "work of art".


This is a run-of-the-mill ransomware that locks the victim's files and presents a note demanding a ransom to unlock the data.

According to MalwareHunterTeam, this malicious software is not the most advanced to have been released in recent months. Exotic is not a threat, at least as of this writing. According to many researchers and its creator, the ransomware is still a project in development.

MalwareHunterTeam discovered version 1.0 of Exotic on October 12 and began sharing it via Twitter with other researchers. And, as is customary, the malware's activity is recorded in a video for the others. To everyone's surprise, the ransomware author got in touch with the researcher, thanked him for taking the time to show off his "work" and make the video, and wanted to be friends on Skype (!!!). This surprised everyone, since malware authors usually do everything possible to avoid security researchers and their prying eyes, especially ransomware analysts, who try to "break" the encryption algorithms and so destroy their operations.

The researchers found Exotic 2.0 and 3.0 over the next two days, but with little change. As for the technical details of the ransomware, it encrypts files with the AES-128 algorithm and requires the user to pay a $50 ransom in Bitcoin. After encryption, the user's files are given random names and all carry the ".exotic" extension.

The Exotic 1.0 ransomware is easy to identify because it uses an image of Hitler as the background of the ransom note, perhaps inspired by the Hitler ransomware that appeared at the beginning of August. In the other two versions the author changed the image and used a simple lock screen inspired by the Jigsaw ransomware.

Below is a video by Serbian security researcher GrujaRS that shows Exotic 3.0 activity and how it infects and locks a computer.
https://www.youtube.com/watch?v=0f6yzxTI_Bc


Written by Dimitris
