“Try to kill or delete me and I will kill your PC” – this is the message the victims of the EXOTIC virus see once their computer has been infected by it. The vulgar cyber-threat goes as far as creating wallpapers of Hitler along with threatening ransom notes to induce fear in the minds of the users whose files were encrypted. Once this virus encrypts your files, they become no longer openable and the cyber-criminals have the decryption key. This is why they demand a ransom payoff to be made to restore the files. Anyone who has been the victim of the EXOTIC virus is advised not to pay any form of ransom to cyber-criminals and to wait for malware researchers to go through it and see if there is a free decryption solution. In the meantime it is recommended to remove this virus and try to revert your files back to normal, usando as informações neste artigo.
|Pequena descrição||Os arquivos de usuários criptografa de malware usando um algoritmo de criptografia forte, tornando descriptografia direta possível somente por meio de uma chave de decodificação única disponível para os ciber-criminosos.|
|Os sintomas||O usuário pode testemunhar notas de resgate e “instruções” along with a deadline countdown timer. Displays images of Hitler.|
|Ferramenta de detecção|| See If Your System Has Been Affected by EXOTIC virus |
Remoção de Malware Ferramenta
|Experiência de usuário||Participe do nosso fórum para Discuss EXOTIC Ransomware.|
|Ferramenta de recuperação de dados||Stellar Phoenix Data Recovery Technician’s License Aviso prévio! Este produto verifica seus setores de unidade para recuperar arquivos perdidos e não pode recuperar 100% dos arquivos criptografados, mas apenas alguns deles, dependendo da situação e se você tem ou não reformatado a unidade.|
|Ferramenta de recuperação de dados||Windows Data Recovery por Stellar Phoenix Aviso prévio! Este produto verifica seus setores de unidade para recuperar arquivos perdidos e não pode recuperar 100% dos arquivos criptografados, mas apenas alguns deles, dependendo da situação e se você tem ou não reformatado a unidade.|
EXOTIC Virus – How Does It Cause Infection
Such malicious URLs or files may be distributed on various places throughout the web. Such places may be shady websites that use malvertising or upload malicious executables that resemble legitimate installers, porn sites and other types of malicious sites. Além disso, some malicious URLs may be forced onto the victim’s computer via adware and other PUPs that may cause a browser redirect or other forms of advertisements to appear.
The most widely used by ransomware makers type of distribution method still remains to be spam. Whether it is spammed e-mails (attachments or links) or spam-bots that advertise different web links on social media or as comments on various websites, careless users often become victims of threats like the EXOTIC virus.
EXOTIC Virus – More Information
When it’s payload is downloaded onto your computer, you may experience temporary glitches and slow-downs, even freezes and the “not-responding” state of the “explorer.exe” process. This is because the virus is active and may have dropped malicious files in the following Windows folders:
- %Dados do aplicativo%
- %System Drive%
- %Perfil do usuário%
After the files are dropped, the virus may modify multiple registry entries that may cause several actions on your computer:
- Display a pop-up message.
- Change the wallpaper of the infected computer.
- Display the ransom message by opening a file specifically designed for that.
- Run the encryption program (or script).
The usual targeted registry entries that modify those settings are:
There may be more registry entries in which the EXOTIC virus may have created custom values for it’s operation in addition to those.
After being ran, the EXOTIC virus immediately begins encrypting the files of the compromised computer. The malware may use a strong cipher to generate a unique decryption key and send it to the servers of the cyber-criminals. Multiple types of files are preconfigured based on their file extensions to be targeted for file encryption. Such files are mainly important objects used often by the user, gostar:
- Documentos de texto.
- As fotos.
- Microsoft Word documents.
- Microsoft Excel documents.
- Microsoft PowerPoint documents.
- Microsoft Outlook files.
- arquivos de banco de dados.
- Adobe Reader Documents.
- VMware and other types of virtual drive files.
- Other files related to often used programs.
Depois da encriptação, the user immediately sees the following pop-up:
After this pop-up the interface of the ransomware appears accompanying the following ransom note:
Malware researchers at Malware HunterTeam (@malwrhunterteam) who may be the first stumbling upon this cyber-threat, believe that this is another one of those “junk” ransomware viruses that may be cracked and have free decryptors released soon.
Remove EXOTIC Virus and Try to Restore Your Files
To remove this virus completely Do seu computador, it is advisable to follow the instructions posted below. They are carefully designed to provide you the means to locate the files and objects related to EXOTIC virus. Contudo, in case there is no information about which files and registries the virus creates or you are having difficulties in removing the files yourself, malware experts always advise using an advanced anti-malware program.
In order to attempt and restaurar seus arquivos in case they have been encrypted by the EXOTIC ransomware virus, you should know that at this point there is no free decryption possibility. Mas, do not be motivated and under no circumstances you should pay the ransom. Em vez de, while malware researchers come up with a free decryption solution, it is strongly advisable to try alternative methods to revert your files, como os mencionados na etapa “2. Restore files encrypted by EXOTIC virus” abaixo. Bear in mind that the methods are not 100 percent effective and they do not guarantee the recovery of your files. Além disso, make sure to back up the encrypted files before trying to decrypt them if you are using a decryptor, because they may be broken permanently.
imagens Fonte: Twitter