Threat Management, Incident Response, Malware, Ransomware, TDR

Barack Obama Ransomware only encrypts .exe files

Share

Former President Barack Obama may have blown through his $65 million book deal and has resorted to blackmailing unsuspecting internet users in ransomware attacks judging by the name of a recent ransomware.

The oddly named “Barack Obama's Everlasting Blue Blackmail Virus Ransomware” was first spotted by the MalwareHunterTeam and was noted for only encrypting .exe files on a computer before displaying an image of President Obama asking for a “tip” to decrypt the files.

Once executed, the malware inspires change by terminating the processes associated with antivirus software includingKaspersky, McAfee, and Rising Antivirus before it scans the computer for .exe files to encrypt, according to Bleeping Computer.

The ransomware also modifies the Registry keys associated with .exe files so that they use a new icon and run the virus every time someone launches an executable as part of the encryption process.

It's currently unknown who is behind the malware or if its distributors have any intention of providing decryption keys if paid as victims can only hope researchers develop a decryption key soon. Before the 2016 election, cybercriminals in a similar fashion, created a Donald Trump Ransomware but their version was still in development and contained built-in decryption.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.