Exotic Ransomware

Exotic Ransomware targets Windows OS and, as it appears to still be in development, its method of distribution is currently unknown. Exotic only targets files within specific folders under the User Profile. It will encrypt a wide variety of file types, including executable files. It uses AES-128 to encrypt them and appends .exotic to the file names after renaming the files to a random set of characters. Exotic also looks for certain processes such as msconfig, taskmgr, cmd, regedit, and CCleaner64 and terminates them. Lastly, it displays a countdown timer on the lock screen and, once the timer reaches zero, it shuts down the computer. Exotic demands a ransom payment of $50 USD worth of Bitcoin.

  • Bleeping Computer provides more information about Exotic Ransomware here.
     
  • The NJCCIC is not currently aware of any free decryption tools for Exotic Ransomware.