Categories: Computer SecurityRansomwareSecurity Hacker

New Ransomware That Encrypts Only EXE Files on Windows Machines

New Ransomware That Encrypts Only EXE Files on Windows MachinesNew Ransomware That Encrypts Only EXE Files on Windows Machines

A new ransomware that encrypts only EXE files present in your computer including the ones presented in the windows folder, which typically other ransomware won’t do to ensure the operating system function correctly.

It was first tweeted by MalwareHunterTeam and it has the title as Barack Obama’s Everlasting Blue Blackmail Virus Ransomware, according to its file properties. It is unknown how the attackers distributing the ransomware.

Generally ransomware will encrypt other media file’s such as docx, .xls, .doc, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .jpeg, .csv and other to force the victim into making payment, Barack Obama’s Blackmail Virus Ransomware targets only the .EXE file.

The ransomware also encrypts the registry keys that associated with the EXE file to run every time when someone launches the application.

As with any other ransomware, it doesn’t show’s any Ransome amount instead it ask’s victim’s to send an email to “2200287831@qq.com” for payment details.

The ransom note displayed as Hello, your computer is encrypted by me! Yeah,
 that means your EXE file isn't open! Because I encrypted it. So you can
 decrypt it, but you have to tip it. This is a big thing. You can email
 this email: 2200287831@qq.com gets more information.

Ransomware still continues to be a global threat, it’s become a billion-dollar industry that shows no signs of going away anytime soon.

What next: if you’re Infected

  • Disconnect the Network.
  • Determine the Scope.
  • Understand the version or Type of Ransomware.
  • Determine the Strains of Ransomware.

Mitigation

  • Use Strong Firewall to block the command & control server callbacks.
  • Scan all your emails for malicious links, content, and attachment.
  • Block the adds and unnecessary web content.
  • Enforce access control permission.
  • Take regular backups of your data.

Ransomware Attack Response and Mitigation Checklist

Ransomware-as-a-Service – Princess Evolution Ransomware Advertised in Underground Forums

Police Department Infected Again by Ransomware Attack that Already Locked 1 Year of Work-Related Files

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: computer securityransomwareWindows machine
7 years ago

Recent Posts

Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload

Hackers are now exploiting a legitimate Microsoft utility, mavinject.exe, to inject malicious DLLs into unsuspecting…

24 minutes ago

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network edge…

27 minutes ago

Criminal IP to Showcase Advanced Threat Intelligence at RSAC™ 2025

Joining Criminal IP at Booth S-634 | South Expo, Moscone Center | April 28 –…

39 minutes ago

TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands

Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers…

2 hours ago

Faster Vulnerability Patching Reduces Risk and Lowers Cyber Risk Index

Trend Micro's Cyber Risk Exposure Management (CREM) solution has highlighted the critical role that timely…

2 hours ago

Malicious npm Packages Target Linux Developers with SSH Backdoor Attacks

In a sophisticated onslaught targeting the open-source ecosystem, reports have emerged detailing several malicious npm…

2 hours ago