Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove EXOTIC Squad Virus and Restore Encrypted Files

exotic-squad-sensorstechforum“Try to kill or delete me and I will kill your PC” – this is the message the victims of the EXOTIC virus see once their computer has been infected by it. The vulgar cyber-threat goes as far as creating wallpapers of Hitler along with threatening ransom notes to induce fear in the minds of the users whose files were encrypted. Once this virus encrypts your files, they become no longer openable and the cyber-criminals have the decryption key. This is why they demand a ransom payoff to be made to restore the files. Anyone who has been the victim of the EXOTIC virus is advised not to pay any form of ransom to cyber-criminals and to wait for malware researchers to go through it and see if there is a free decryption solution. In the meantime it is recommended to remove this virus and try to revert your files back to normal, using the information in this article.

Threat Summary

Name

EXOTIC virus

TypeRansomware
Short DescriptionThe malware encrypts users files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
SymptomsThe user may witness ransom notes and “instructions” along with a deadline countdown timer. Displays images of Hitler.
Distribution MethodVia an HTTP request by an Exploit kit, Dll files, malicious JavaScript (.JS) or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by EXOTIC virus

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss EXOTIC Ransomware.
Data Recovery ToolStellar Phoenix Data Recovery Technician’s License Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

EXOTIC Virus – How Does It Cause Infection

In order for this particular malware to infect users, it focuses primarily on several different key factors – the victims it targets, the combination of tools it will use for successful infection and the regions which it will target. EXOTIC ransomware virus may use a sophisticated combination of tools such as malware obfuscators, file joiners, exploit kits and even javascripts to cause attacks. Such tools may be embedded in malicious URLs or malicious files that only seem legitimate, but are far away from such. The files may be In .ZIP archives or other types of packages. Some files may even look just like the Microsoft Office or Adobe document files to fool users of their legitimacy.

Such malicious URLs or files may be distributed on various places throughout the web. Such places may be shady websites that use malvertising or upload malicious executables that resemble legitimate installers, porn sites and other types of malicious sites. Also, some malicious URLs may be forced onto the victim’s computer via adware and other PUPs that may cause a browser redirect or other forms of advertisements to appear.

The most widely used by ransomware makers type of distribution method still remains to be spam. Whether it is spammed e-mails (attachments or links) or spam-bots that advertise different web links on social media or as comments on various websites, careless users often become victims of threats like the EXOTIC virus.

EXOTIC Virus – More Information

When it’s payload is downloaded onto your computer, you may experience temporary glitches and slow-downs, even freezes and the “not-responding” state of the “explorer.exe” process. This is because the virus is active and may have dropped malicious files in the following Windows folders:

  • %AppData%
  • %Temp%
  • %Local%
  • %Roaming%
  • %System Drive%
  • %User’s Profile%

After the files are dropped, the virus may modify multiple registry entries that may cause several actions on your computer:

  • Display a pop-up message.
  • Change the wallpaper of the infected computer.
  • Display the ransom message by opening a file specifically designed for that.
  • Run the encryption program (or script).

The usual targeted registry entries that modify those settings are:

HKEY_CURRENT_USER\Control Panel\Desktop\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

There may be more registry entries in which the EXOTIC virus may have created custom values for it’s operation in addition to those.

After being ran, the EXOTIC virus immediately begins encrypting the files of the compromised computer. The malware may use a strong cipher to generate a unique decryption key and send it to the servers of the cyber-criminals. Multiple types of files are preconfigured based on their file extensions to be targeted for file encryption. Such files are mainly important objects used often by the user, like:

  • Videos.
  • Text Documents.
  • Pictures.
  • Microsoft Word documents.
  • Microsoft Excel documents.
  • Microsoft PowerPoint documents.
  • Microsoft Outlook files.
  • Database files.
  • Adobe Reader Documents.
  • VMware and other types of virtual drive files.
  • Other files related to often used programs.

After the encryption, the user immediately sees the following pop-up:

pop-up-ransomware-encrypted-exotic-squad-sensorstechforum

After this pop-up the interface of the ransomware appears accompanying the following ransom note:

ransom-note-exotic-squad-ransowmare-sensorstechforum

Malware researchers at Malware HunterTeam (@malwrhunterteam) who may be the first stumbling upon this cyber-threat, believe that this is another one of those “junk” ransomware viruses that may be cracked and have free decryptors released soon.

Remove EXOTIC Virus and Try to Restore Your Files

To remove this virus completely from your computer, it is advisable to follow the instructions posted below. They are carefully designed to provide you the means to locate the files and objects related to EXOTIC virus. However, in case there is no information about which files and registries the virus creates or you are having difficulties in removing the files yourself, malware experts always advise using an advanced anti-malware program.

In order to attempt and restore your files in case they have been encrypted by the EXOTIC ransomware virus, you should know that at this point there is no free decryption possibility. But, do not be motivated and under no circumstances you should pay the ransom. Instead, while malware researchers come up with a free decryption solution, it is strongly advisable to try alternative methods to revert your files, like the ones mentioned in step “2. Restore files encrypted by EXOTIC virus” below. Bear in mind that the methods are not 100 percent effective and they do not guarantee the recovery of your files. Also, make sure to back up the encrypted files before trying to decrypt them if you are using a decryptor, because they may be broken permanently.

Images Source: Twitter

Manually delete EXOTIC virus from your computer

Note! Substantial notification about the EXOTIC virus threat: Manual removal of EXOTIC virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove EXOTIC virus files and objects.
2. Find malicious files created by EXOTIC virus on your PC.
3. Fix registry entries created by EXOTIC virus on your PC.

Automatically remove EXOTIC virus by downloading an advanced anti-malware program

1. Remove EXOTIC virus with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by EXOTIC virus in the future
3. Restore files encrypted by EXOTIC virus
Optional: Using Alternative Anti-Malware Tools

How to Find Decryption Key for Files Encrypted By EXOTIC virus Ransomware

We have designed to make a tutorial which is as simple as possible to theoretically explain how could you detect your decryption key. Find out how

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.