A new ransomware that encrypts only EXE files present in your computer including the ones presented in the windows folder, which typically other ransomware won’t do to ensure the operating system function correctly.
It was first tweeted by MalwareHunterTeam and it has the title as Barack Obama’s Everlasting Blue Blackmail Virus Ransomware, according to its file properties. It is unknown how the attackers distributing the ransomware.
"This is a big thing."
😂
Sample: https://t.co/FTwiVVy0sp@BleepinComputer @demonslay335 pic.twitter.com/mMfd8shBC8— MalwareHunterTeam (@malwrhunterteam) August 22, 2018
Generally ransomware will encrypt other media file’s such as docx, .xls, .doc, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .jpeg, .csv and other to force the victim into making payment, Barack Obama’s Blackmail Virus Ransomware targets only the .EXE file.
The ransomware also encrypts the registry keys that associated with the EXE file to run every time when someone launches the application.
As with any other ransomware, it doesn’t show’s any Ransome amount instead it ask’s victim’s to send an email to “2200287831@qq.com” for payment details.
The ransom note displayed as Hello, your computer is encrypted by me! Yeah, that means your EXE file isn't open! Because I encrypted it. So you can decrypt it, but you have to tip it. This is a big thing. You can email this email: 2200287831@qq.com gets more information.
Ransomware still continues to be a global threat, it’s become a billion-dollar industry that shows no signs of going away anytime soon.
What next: if you’re Infected
- Disconnect the Network.
- Determine the Scope.
- Understand the version or Type of Ransomware.
- Determine the Strains of Ransomware.
Mitigation
- Use Strong Firewall to block the command & control server callbacks.
- Scan all your emails for malicious links, content, and attachment.
- Block the adds and unnecessary web content.
- Enforce access control permission.
- Take regular backups of your data.
Related Read
Ransomware Attack Response and Mitigation Checklist
Ransomware-as-a-Service – Princess Evolution Ransomware Advertised in Underground Forums
