A new ransomware named Exotic appeared last week and in two days went from version 1.0 to 3.0 because its author, a German developer known as EvilTwin, or Exotic Squad, wants to impress the researchers better safetys with his "work of art".
This is a run-of-the-mill ransomware that locks the victim's files, presents a note asking for a ransom to unlock your data.
According to MalwareHunterTeam, the said malicious software is not the most advanced compared to what has been released in recent months. The Exotic is not a threat, at least until that article is written. According to many researchers and its maker, ransomware is still a project underway.
MalwareHunterTeam discovered version 1.0 of Exotic on October 12 and began sharing information with other security researchers via Twitter. And as usual it is recorded in one video the action of the malware to inform the rest. To everyone's surprise, the ransomware author got in touch with the researcher and thanked him for taking the time to show off his "project" and make the video, and wanted it to be friend on Skype (!!!). This conversation surprised everyone, as malware writers usually do everything possible to avoid security researchers and prying eyes. Especially ransomware analysts, who try to "break" the encryption algorithms, destroying their activities.
The researchers found Exotic 2.0 and 3.0 to be available over the next two days, but with little change. As for the technical details of the ransomware, it encrypts the files with the AES-128 algorithm and requires the user to pay a $ 50 ransom in Bitcoin. After encryption the user files are named with a random name and all have the extension with ".exotic".
The Exotic 1.0 ransomware is easy to identify because it uses a background image of Hitler as a background in the ransom note, perhaps inspired by the Hitler ransomware that appeared at the beginning of August. In the other two versions the author changed the image and used a simple lock screen inspired by Jigsaw ransomware.
See below a video of Serbian security researcher GrujaRS that shows Exotic 3.0 activity and how it infects and locks a computer.
https://www.youtube.com/watch?v=0f6yzxTI_Bc