“Try to kill or delete me and I will kill your PC” – this is the message the victims of the EXOTIC virus see once their computer has been infected by it. The vulgar cyber-threat goes as far as creating wallpapers of Hitler along with threatening ransom notes to induce fear in the minds of the users whose files were encrypted. Once this virus encrypts your files, they become no longer openable and the cyber-criminals have the decryption key. This is why they demand a ransom payoff to be made to restore the files. Anyone who has been the victim of the EXOTIC virus is advised not to pay any form of ransom to cyber-criminals and to wait for malware researchers to go through it and see if there is a free decryption solution. In the meantime it is recommended to remove this virus and try to revert your files back to normal, using the information in this article.
|Short Description||The malware encrypts users files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.|
|Symptoms||The user may witness ransom notes and “instructions” along with a deadline countdown timer. Displays images of Hitler.|
|Detection Tool|| See If Your System Has Been Affected by EXOTIC virus |
Malware Removal Tool
|User Experience||Join our forum to Discuss EXOTIC Ransomware.|
|Data Recovery Tool||Stellar Phoenix Data Recovery Technician’s License Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
EXOTIC Virus – How Does It Cause Infection
Such malicious URLs or files may be distributed on various places throughout the web. Such places may be shady websites that use malvertising or upload malicious executables that resemble legitimate installers, porn sites and other types of malicious sites. Also, some malicious URLs may be forced onto the victim’s computer via adware and other PUPs that may cause a browser redirect or other forms of advertisements to appear.
The most widely used by ransomware makers type of distribution method still remains to be spam. Whether it is spammed e-mails (attachments or links) or spam-bots that advertise different web links on social media or as comments on various websites, careless users often become victims of threats like the EXOTIC virus.
EXOTIC Virus – More Information
When it’s payload is downloaded onto your computer, you may experience temporary glitches and slow-downs, even freezes and the “not-responding” state of the “explorer.exe” process. This is because the virus is active and may have dropped malicious files in the following Windows folders:
- %System Drive%
- %User’s Profile%
After the files are dropped, the virus may modify multiple registry entries that may cause several actions on your computer:
- Display a pop-up message.
- Change the wallpaper of the infected computer.
- Display the ransom message by opening a file specifically designed for that.
- Run the encryption program (or script).
The usual targeted registry entries that modify those settings are:
There may be more registry entries in which the EXOTIC virus may have created custom values for it’s operation in addition to those.
After being ran, the EXOTIC virus immediately begins encrypting the files of the compromised computer. The malware may use a strong cipher to generate a unique decryption key and send it to the servers of the cyber-criminals. Multiple types of files are preconfigured based on their file extensions to be targeted for file encryption. Such files are mainly important objects used often by the user, like:
- Text Documents.
- Microsoft Word documents.
- Microsoft Excel documents.
- Microsoft PowerPoint documents.
- Microsoft Outlook files.
- Database files.
- Adobe Reader Documents.
- VMware and other types of virtual drive files.
- Other files related to often used programs.
After the encryption, the user immediately sees the following pop-up:
After this pop-up the interface of the ransomware appears accompanying the following ransom note:
Malware researchers at Malware HunterTeam (@malwrhunterteam) who may be the first stumbling upon this cyber-threat, believe that this is another one of those “junk” ransomware viruses that may be cracked and have free decryptors released soon.
Remove EXOTIC Virus and Try to Restore Your Files
To remove this virus completely from your computer, it is advisable to follow the instructions posted below. They are carefully designed to provide you the means to locate the files and objects related to EXOTIC virus. However, in case there is no information about which files and registries the virus creates or you are having difficulties in removing the files yourself, malware experts always advise using an advanced anti-malware program.
In order to attempt and restore your files in case they have been encrypted by the EXOTIC ransomware virus, you should know that at this point there is no free decryption possibility. But, do not be motivated and under no circumstances you should pay the ransom. Instead, while malware researchers come up with a free decryption solution, it is strongly advisable to try alternative methods to revert your files, like the ones mentioned in step “2. Restore files encrypted by EXOTIC virus” below. Bear in mind that the methods are not 100 percent effective and they do not guarantee the recovery of your files. Also, make sure to back up the encrypted files before trying to decrypt them if you are using a decryptor, because they may be broken permanently.
Images Source: Twitter