Barack Obama – Malware that Encrypts Your Files
“Barack Obama’s Everlasting Blue Blackmail Virus” was detected by MalwareHunterTeam. This malware is named after the President of the United States.
The malware was detected by MalwareHunterTeam and is a strange ransomware that attacks Windows devices. It is not yet known how the malware is being spread or what its full effects will be. After targeting the PC, the malware disables antivirus monitoring and then encrypts all .EXE files on the PC, even those within the Windows folder. It then displays a message on the screen with a picture of Barack Obama saying –
MalwareHunterTeam tweeted about this malware, which has the unusual title “Barack Obama’s Everlasting Blue Blackmail Virus”, with the following properties:
The commands executed by this ransomware to stop the processes associated with antivirus:
taskkill /f /im kavsvc.exe
taskkill /f /im KVXP.kxp
taskkill /f /im Rav.exe
taskkill /f /im Ravmon.exe
taskkill /f /im Mcshield.exe
taskkill /f /im VsTskMgr.exe
Types of files affected by this ransomware:
- Audio files
- Video files
- Document files
- Image files
- Backup files
- Banking credentials, etc.
This ransomware also modifies registry keys associated with .EXE files in order to replicate itself. The modified registry keys are as follows:
HKLM\SOFTWARE\Classes\exe
HKLM\SOFTWARE\Classes\exe\
HKLM\SOFTWARE\Classes\exe\EditFlags 2
HKLM\SOFTWARE\Classes\exe\DefaultIcon
HKLM\SOFTWARE\Classes\exe\DefaultIcon\ C:\Users\User\codexgigas_.exe,0
HKLM\SOFTWARE\Classes\exe\Shell
HKLM\SOFTWARE\Classes\exe\Shell\Open
HKLM\SOFTWARE\Classes\exe\Shell\Open\Command
HKLM\SOFTWARE\Classes\exe\Shell\Open\Command\ "C:\Users\User\codexgigas_.exe" "%1"
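A defender can hunt for both behaviours listed above (the forced taskkill of antivirus processes and writes under the reported registry subtree) in endpoint telemetry. The following is an added example, not code from the original article or from MalwareHunterTeam; the event layout (`type`, `command_line`, `key`), the function names and the sample events are assumptions constructed for illustration.

```python
import re

# AV process image names taken from the taskkill commands listed above.
AV_IMAGES = {"kavsvc.exe", "kvxp.kxp", "rav.exe", "ravmon.exe",
             "mcshield.exe", "vstskmgr.exe"}
# Registry subtree the article reports as modified (lower-cased for matching).
EXE_CLASS_KEY = r"hklm\software\classes\exe"
TASKKILL_RE = re.compile(r"\btaskkill(?:\.exe)?\b(.*)", re.IGNORECASE)
IM_RE = re.compile(r"/im\s+\"?([^\s\"]+)", re.IGNORECASE)


def killed_av_images(command_line):
    """Return AV image names force-killed (/f) by a taskkill command line."""
    m = TASKKILL_RE.search(command_line)
    if not m or not re.search(r"(?:^|\s)/f\b", m.group(1), re.IGNORECASE):
        return set()
    return {n.lower() for n in IM_RE.findall(m.group(1))} & AV_IMAGES


def is_exe_handler_write(key_path):
    """True if a registry write lands in the reported Classes\\exe subtree."""
    key = key_path.lower().rstrip("\\")
    # Require an exact match or a path separator so 'exefile' is not matched.
    return key == EXE_CLASS_KEY or key.startswith(EXE_CLASS_KEY + "\\")


def triage(events):
    """Return (index, reason) findings for a list of telemetry events."""
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] == "process":
            hit = killed_av_images(ev["command_line"])
            if hit:
                findings.append((i, "av-kill:" + ",".join(sorted(hit))))
        elif ev["type"] == "registry" and is_exe_handler_write(ev["key"]):
            findings.append((i, "exe-handler:" + ev["key"]))
    return findings

# Constructed sample events (not real telemetry); field names are assumptions.
SAMPLE = [
    {"type": "process", "command_line": "taskkill /f /im Mcshield.exe"},
    {"type": "process", "command_line": "taskkill /im notepad.exe"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Classes\exe\Shell\Open\Command"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Classes\exefile\Shell\Open\Command"},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE):
        print(idx, reason)
```

Real telemetry may spell the hive as `HKEY_LOCAL_MACHINE` rather than `HKLM`, so normalise key paths before passing them in.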
Obama is not the only president after whom malware has been named. In 2016, The Donald Trump Ransomware was also released.