Tuesday, January 14, 2025
HomeComputer SecurityNew Ransomware That Encrypts Only EXE Files on Windows Machines

New Ransomware That Encrypts Only EXE Files on Windows Machines

Published on

A new ransomware that encrypts only EXE files present in your computer including the ones presented in the windows folder, which typically other ransomware won’t do to ensure the operating system function correctly.

It was first tweeted by MalwareHunterTeam and it has the title as Barack Obama’s Everlasting Blue Blackmail Virus Ransomware, according to its file properties. It is unknown how the attackers distributing the ransomware.

Generally ransomware will encrypt other media file’s such as docx, .xls, .doc, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .jpeg, .csv and other to force the victim into making payment, Barack Obama’s Blackmail Virus Ransomware targets only the .EXE file.

The ransomware also encrypts the registry keys that associated with the EXE file to run every time when someone launches the application.

As with any other ransomware, it doesn’t show’s any Ransome amount instead it ask’s victim’s to send an email to “2200287831@qq.com” for payment details.

The ransom note displayed as Hello, your computer is encrypted by me! Yeah,
 that means your EXE file isn't open! Because I encrypted it. So you can
 decrypt it, but you have to tip it. This is a big thing. You can email
 this email: 2200287831@qq.com gets more information.

Ransomware still continues to be a global threat, it’s become a billion-dollar industry that shows no signs of going away anytime soon.

What next: if you’re Infected

  • Disconnect the Network.
  • Determine the Scope.
  • Understand the version or Type of Ransomware.
  • Determine the Strains of Ransomware.

Mitigation

  • Use Strong Firewall to block the command & control server callbacks.
  • Scan all your emails for malicious links, content, and attachment.
  • Block the adds and unnecessary web content.
  • Enforce access control permission.
  • Take regular backups of your data.

Ransomware Attack Response and Mitigation Checklist

Ransomware-as-a-Service – Princess Evolution Ransomware Advertised in Underground Forums

Police Department Infected Again by Ransomware Attack that Already Locked 1 Year of Work-Related Files

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

New NonEuclid RAT Evades Antivirus and Encrypts Critical Files

A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has...

New Great Morpheus Hacker Group Claims Hacking Into Arrotex Pharmaceuticals And PUS GmbH

A Data Leak Site (DLS) belonging to a new extortion group named Morpheus, which...

Is this Website Safe: How to Check Website Safety – 2025

is this website safe? In this digital world, Check a website is safe is...