Sunday, September 2, 2018

Meet the Barack Obama ransomware

Sometimes strange names put to malware catch the attention of media who are always in the zeal to disclose newly discovered web viruses to the world. One such happens to be Barack Obama’s Blackmail Virus Ransomware.

First reported by the MalwareHunter team, this ransomware is said to only encrypt.EXE files on a computer after which it displays a Barack Obama Image on the screen that asks for a ransom to decrypt files.

Titled as “Barack Obama Everlasting Blue Blackmail Virus”, the ransomware is said to terminate various processes associated with antivirus software such as McAfee, Norton, Kaspersky and other known software’s. After evading the computer security tools, the malware is found scan the PC for.EXE files and encrypts them on discovery.

The malware hunter team has found that the ransomware later modifies the Registry keys associated with .exe files so that they use a new icon and run the virus, as soon as the system admin launches an executable file.

It is still unknown how the virus is being spread and when it was developed as the malware developers are just pinning in an email id 2200287831@qq dot com to know more and for payment instructions.

But security analysts from ESET state that newly discovered ransomware attacks need at least a time frame of 3 months to be quarantined with freely available decryption software.

In the past, a similar ransomware variant running on the name of the 45th US President Donald Trump was also found on the web. It was probably in early 2016 when Trump was just a presidential probable for US 2016 Polls.

Note- Malware Hunter is a heavily customized shodan crawler that explores the web looking for command and control servers for botnets. It does so, by pretending as an infected client that’s reporting back to the command line center. You can find more details on the malware-hunter.shodan. io website.

The post Meet the Barack Obama ransomware appeared first on Cybersecurity Insiders.


September 03, 2018 at 10:57AM

0 comments:

Post a Comment