
Barack Obama – Malware that Encrypts Your Files

“Barack Obama’s Everlasting Blue Blackmail Virus” was detected by MalwareHunterTeam. This malware is named after the President of the United States.


The malware was detected by MalwareHunterTeam and is a strange piece of ransomware that attacks Windows devices. It is not yet known how the malware is being spread or what its full effects are. After targeting a PC, the malware disables antivirus monitoring and then encrypts all .EXE files on the PC, even those within the Windows folder. It then displays a message on the screen with a picture of Barack Obama, saying:

“Hello. your computer is
encrypted by me! Yeah, that
means your EXE file isn’t open!
Because I encrypted it.
So you can decrypt it, but you
have to tip it. This is a big thing.
You can email this email:
2200287831@qq.com gets
more information.”

 

MalwareHunterTeam tweeted about this malware, which has the unusual title “Barack Obama’s Everlasting Blue Blackmail Virus” and the following properties:

The commands executed by this ransomware to stop the processes associated with antivirus software:

taskkill /f /im kavsvc.exe
taskkill /f /im KVXP.kxp
taskkill /f /im Rav.exe
taskkill /f /im Ravmon.exe
taskkill /f /im Mcshield.exe
taskkill /f /im VsTskMgr.exe

Types of files affected by this ransomware:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

This ransomware also modifies registry keys associated with .EXE files in order to replicate itself. The modified registry keys are as follows:

HKLM\SOFTWARE\Classes\exe
HKLM\SOFTWARE\Classes\exe\
HKLM\SOFTWARE\Classes\exe\EditFlags 2
HKLM\SOFTWARE\Classes\exe\DefaultIcon
HKLM\SOFTWARE\Classes\exe\DefaultIcon\ C:\Users\User\codexgigas_.exe,0
HKLM\SOFTWARE\Classes\exe\Shell
HKLM\SOFTWARE\Classes\exe\Shell\Open
HKLM\SOFTWARE\Classes\exe\Shell\Open\Command
HKLM\SOFTWARE\Classes\exe\Shell\Open\Command\ "C:\Users\User\codexgigas_.exe" "%1"
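
A defender-side triage sketch for the two behaviours listed above (the forced taskkill of antivirus processes and the write to the exe open-command key), added here as an example and not taken from MalwareHunterTeam or the original article. The event dictionaries and their field names are constructed assumptions, not a real log schema; the image names and registry path are the ones listed on this page.

```python
import re
from collections import defaultdict

# Image names and registry path are the ones listed on this page.
AV_IMAGES = {"kavsvc.exe", "kvxp.kxp", "rav.exe", "ravmon.exe",
             "mcshield.exe", "vstskmgr.exe"}
HANDLER_CMD_KEY = r"hklm\software\classes\exe\shell\open\command"
TASKKILL = re.compile(r'\btaskkill(?:\.exe)?"?\s+(.*)', re.I)
IM_ARG = re.compile(r'/im\s+"?([^\s"]+)', re.I)

def av_kill_targets(cmdline):
    """Return AV image names force-killed by one taskkill command line."""
    m = TASKKILL.search(cmdline)
    if not m or not re.search(r'(?<!\S)/f\b', m.group(1), re.I):
        return set()
    return {n.lower() for n in IM_ARG.findall(m.group(1))} & AV_IMAGES

def triage(events, min_av_kills=2):
    """Return {host: [finding, ...]} from process and registry events."""
    kills, hijacks = defaultdict(set), defaultdict(list)
    for ev in events:
        if ev["type"] == "process":
            kills[ev["host"]] |= av_kill_targets(ev["cmdline"])
        elif ev["type"] == "registry":
            key = ev["key"].lower().rstrip("\\")
            # A handler that forwards "%1" runs its program for every .exe opened.
            if key == HANDLER_CMD_KEY and "%1" in ev["data"]:
                hijacks[ev["host"]].append(ev["data"])
    report = {}
    for host in set(kills) | set(hijacks):
        hits = []
        if len(kills[host]) >= min_av_kills:
            hits.append("av_taskkill_burst")
        if hijacks[host]:
            hits.append("exe_open_handler_set")
        if hits:
            report[host] = hits
    return report

# Constructed sample events (hypothetical field names, not a real log schema).
SAMPLE = [
    {"host": "pc-01", "type": "process", "cmdline": "taskkill /f /im Rav.exe"},
    {"host": "pc-01", "type": "process", "cmdline": "taskkill /f /im Mcshield.exe"},
    {"host": "pc-01", "type": "registry",
     "key": r"HKLM\SOFTWARE\Classes\exe\Shell\Open\Command",
     "data": r'"C:\Users\User\codexgigas_.exe" "%1"'},
    {"host": "pc-02", "type": "process", "cmdline": "taskkill /f /im notepad.exe"},
    {"host": "pc-02", "type": "process", "cmdline": "taskkill /im Rav.exe"},
]
```

Calling `triage(SAMPLE)` flags only pc-01; the `min_av_kills` threshold is an assumed tuning value that keeps a single, possibly administrative, taskkill from raising a finding.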

Obama is not the only president to have malware named after him. In 2016, the Donald Trump Ransomware was also released.
