A new ransomware named Exotic appeared last week and within two days it went from 1.0 to 3.0 because its editor, a German developer known as EvilTwin, or Exotic Squad, wants to impress security researchers with his "work of art".
This is a run-of-the-mill ransomware that locks the victim's files, presents a note asking for a ransom to unlock your data.
According to MalwareHunterTeam, the said malware it is not the most advanced compared to what has been released in recent months. The Exotic not a threat, at least as of this writing. According to many researchers and its creator, ransomware is still a project in development.
MalwareHunterTeam discovered version 1.0 of Exotic on October 12 and began sharing information with other security researchers via Twitter. And as usual, the action of the malware is recorded in a video to inform the others. To everyone's surprise, the ransomware author contacted the researcher and thanked him for the time it took to demonstrate his "work" and make the video, and he also wanted to friend on Skype (!!!). This conversation surprised everyone, since malware authors usually do everything possible to avoid security researchers and their prying eyes. Especially the ransomware analysts, who try to "break" the algorithms encryptions, destroying their activities.
The researchers found Exotic 2.0 and 3.0 to be available over the next two days, but with little change. As for the technical details of the ransomware, it encrypts the files with the AES-128 algorithm and requires the user to pay a $ 50 ransom in Bitcoin. After encryption the user files are named with a random name and all have the extension with ".exotic".
The Exotic 1.0 ransomware is easy to identify because it uses a background image of Hitler as a background in the ransom note, perhaps inspired by the Hitler ransomware that appeared at the beginning of August. In the other two versions the author changed the image and used a simple lock screen inspired by Jigsaw ransomware.
See below a video of Serbian security researcher GrujaRS that shows Exotic 3.0 activity and how it infects and locks a computer.
https://www.youtube.com/watch?v=0f6yzxTI_Bc
