Referring to a study by BitDefender in 2018, ransomware is malware that has been the most widely disseminated in the last 5 years.
And in the years to come this computer threat will continue to grow. Not to mention that we will see a sophistication of ransomware. On some sides cyber criminals will deploy new strategy to be able to better spread their malware. We then think of the social ingenerie or the multi-stage attacks that will allow them to escape the detection system set up by the structures they target.
In a previous article, we let you know that ransomware existed in many forms. In this context, we are often faced with derivatives of this malware that seems to be moving away contexts. Take, for example, EduCrypt, which is a ransomware that has been designed in 2016 with the aim of giving lessons on safety it even provides its targets, the decryption keys without requiring in return the payment of a ransom.
And in the same context, it was discovered another rather special ransomware program. It bears the same name as former US President Barack Obama exactly it is: "Barack Obama's Everlasting Blue Blackmail Virus. ». Its peculiarity is simple it also does not attacking the files. EXE. However he has not lost the habits of other ransomware which is to demand a ransom.
We remember that from the beginning of ransomware, hackers tended to use the FBI or CIA logo to scare their target so that they could pay without asking too many questions. But in our case here, they use the photo of Barack Obama the former US president. Its dissemination is done according to a classic method of phishing and sending spam. As soon as the Barack Obama program infects an information system, it begins to scan the contents of that system with the intention of detecting any form of antivirus protection software. Eventually they search in this system for all the files in shape. EXE and the numbers.
In principle, ransomware tends to encrypt media-type files or simple documents to compel the victim to pay the ransom demanded. What they avoid, it is to modify the files concerned at the risk of damaging them or even PCs. This may discourage the target from executing the payment request ransom. But Obama's ransomware isn't just about that. It also encrypts the files.exe present in the Windows folder. We then think that it was a program computer science that has been designed by people who are not very experienced in piracy in the ransomware. In other words, they're amateurs.
The message that is then displayed gives an email address where victims can have instructions when payment terms are made. According to VirusTotal, this program was detected by 45 out of 68 antivirus programs in total.
Now access an unlimited number of passwords: