Barack Obama ransomware encrypts .EXE files
New ransomware keeps appearing, and this time it is the so-called Obama ransomware. It has nothing to do with Obama; it simply displays an image of Obama after the encryption is completed. On closer inspection, though, this ransomware seems to be only a spoof, rather than something that encrypts files for ransom like other ransomware.
Encrypts only EXE files instead of documents:
Ransomware usually searches for various document files to encrypt in order to blackmail users, but this Obama ransomware searches only for EXE files to encrypt.
EXE files are nothing more than assorted software programs, so even if they are encrypted it matters little: at worst, the user backs up their files and reinstalls the system.
Also, ransomware usually does not encrypt the system installation directory, to avoid crashing the system by encrypting system files.
This Obama ransomware, however, encrypts all EXE files, including the resource manager and Notepad, so the encryption has no practical significance.
Finally, the icon given to the encrypted EXE files is the NetEase Cloud Music icon, copied directly by the hacker. The note also tells people to contact a QQ mailbox without providing any ransom information.
“Hello, your computer is encrypted by me! Yeah, that means your EXE file isn’t open! Because I encrypted it.
So you can decrypt it, but you have to tip it. This is a big thing. You can email this email: 2200287831@qq.com gets more information.”
Maybe a spoof:
Judging from the ransomware's behaviour, we believe the probability that it is a spoof is relatively high, so it is not clear whether the virus author will provide the key.
It is worth noting that on infected machines the virus kills the processes of security software such as Kaspersky, Rising, and McAfee.
Perhaps some security software has a detection mechanism for a large number of files being modified in a short time, so killing the security software's processes makes it easier for the virus to encrypt the data.
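The kind of detection mechanism mentioned above, sketched as an added example that is not part of the original article: a sliding-window check over file-write events that flags a process modifying many distinct .exe files in a short time and records any executables it touched in the system directory. The event format, window, threshold, and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10            # assumed burst window
THRESHOLD = 5                  # assumed count of distinct .exe writes that is suspicious
SYSTEM_DIR = "c:\\windows\\"   # executables here are rarely rewritten outside updates


def detect_exe_bursts(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """events: time-ordered (timestamp_seconds, process_name, path) write events.

    Returns {process: {"first_alert": ts, "system_exes": [...]}} for every process
    that modified at least `threshold` distinct .exe files within `window` seconds.
    """
    recent = defaultdict(deque)      # process -> (ts, path) entries inside the window
    system_hits = defaultdict(set)   # process -> system-directory executables written
    first_alert = {}
    for ts, proc, path in events:
        p = path.lower()
        if not p.endswith(".exe"):
            continue                 # this check only looks at executable rewrites
        if p.startswith(SYSTEM_DIR):
            system_hits[proc].add(p)
        q = recent[proc]
        q.append((ts, p))
        while ts - q[0][0] > window:  # drop entries that fell out of the window
            q.popleft()
        if proc not in first_alert and len({f for _, f in q}) >= threshold:
            first_alert[proc] = ts
    return {proc: {"first_alert": ts, "system_exes": sorted(system_hits[proc])}
            for proc, ts in first_alert.items()}


# Constructed sample events (not captured from a real infection).
SAMPLE_EVENTS = [
    (0.0, "updater.exe", r"C:\Program Files\App\app.exe"),
    (1.0, "sample.exe", r"C:\Users\u\Downloads\setup.exe"),
    (1.5, "sample.exe", r"C:\Program Files\App\app.exe"),
    (2.0, "winword.exe", r"C:\Users\u\Documents\report.docx"),
    (2.5, "sample.exe", r"C:\Windows\notepad.exe"),
    (3.0, "sample.exe", r"C:\Windows\explorer.exe"),
    (4.0, "sample.exe", r"C:\Program Files\Tool\tool.exe"),
    (60.0, "updater.exe", r"C:\Program Files\App\helper.exe"),
]

if __name__ == "__main__":
    for proc, info in detect_exe_bursts(SAMPLE_EVENTS).items():
        print(proc, info)
```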
Via: bleepingcomputer