Exotic Ransomware

What is Exotic Ransomware?

Exotic Ransomware may be the new malware threat that could wake you up in the middle of the night with the shocking realization that you just lost all your files; unless, of course, you are a security-minded user and you regularly make backup copies on a portable drive. This vicious malware program encrypts your files and most likely you will have no way of restoring them for the time being. According to our malware specialists at anti-spyware-101.com, these cyber criminals seem to have no intention of giving you the decryption password or software either as there is no sign in the code that this infection connects to its Command and Control servers (C&C). It is not surprising for us, though, because most ransomware attacks end badly or without the possibility to restore your files. Unfortunately, since this is a very recent threat, there are no free tools either on the web. We advise you to delete Exotic Ransomware right after you notice its presence on your computer. Let us tell you in more details about this dangerous infection and how you can defend your virtual world against similar threats.testtest

Where does Exotic Ransomware come from?

Just like most of its peers, including APT Ransomware, Hades Locker Ransomware, and KillerLocker Ransomware that have hit the web recently, this malware infection is also distributed via spam e-mails. The attachment you can find in these mails is indeed an executable malicious file in disguise. You may think that you download and view an image or document file, but, instead, you activate this dangerous ransomware. Most users believe when such a spam poses as a reference to an overdue invoice, a falsely made flight booking, an unpaid parking fine, or a notification from a local authority. In fact, this spam can be about anything that could draw your attention instantly. The keyword is deception in the case of these vicious spams. Otherwise, they could not infect anyone really.

You should keep in mind that you must be cautious when you are checking your mails even in your inbox. Because if such a nasty spam lands in your inbox, nothing can save you from infecting your machine with this deadly beast. Also, remember that if you remove Exotic Ransomware after you notice its presence – and you cannot delete it other ways really – you cannot save your files from encryption. This is a sad fact but should remind you about the importance of prevention. If your PC is not protected with proper security software, there is a good chance that this is not the last time your computer gets hit by such an attack.

How does Exotic Ransomware work?

Opening the malicious file that you saved from the spam e-mail will drop the ransomware executable in the “%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup” folder. This file could be called "Microsoft Audiodriver.exe" for example. Once it starts up, it targets most of your files in the %USERPROFILE% folder, including all your ".exe" files, which means a great loss if you cannot recover your files after this attack. Every affected file name is modified and gets a random name with the “.exotic” extension. Unlike most of its peers, this malware infection does not leave any ransome note files. Instead, a dialog box pops up that informs you that your Windows has been infected. When you click on the OK button, a black window comes up with the ransom note.

From this note you learn that you have to pay 50 US dollars worth of Bitcoins, which is about 0.08 BTC, to the Bitcoin address that is provided. You are given 3 days to transfer. To make it more urgent for you to pay, you are threatened that a file will be deleted every 5 hours. However, our specialists have found that there may be no way for these crooks to keep their promise anyway because they use the very same Bitcoin wallet for all the victims and the infection may make no communications to the C&C servers at all. This way it is impossible that you get your password or a tool that could recover your files. We do not advise you to pay these crooks. We recommend that you act right now and remove Exotic Ransomware from your system.

How do I delete Exotic Ransomware?

If you want to be able eliminate this vicious threat, first, you need to restart your system in Safe Mode. Then, you can identify and delete all the related malicious files. We have included a guide for you below this article. If you use our instructions, you can easily clean this infection from your computer. If you do not want to risk manual removal, you can always install a reliable anti-malware program, such as SpyHunter is. But it is also important that you keep all your drivers and programs updated if you want to use a secure computer.

Restart your PC in Safe Mode

Windows XP/Windows Vista/Windows 7

  1. Reboot your system and press the F8 key a few times to bring up the boot menu.
  2. Using your arrow keys, choose Safe Mode, and hit the Enter key.

Windows 8/Windows 8.1/Windows 10

  1. Change to the Metro UI screen by pressing the Windows key.
  2. Click on the Power icon.
  3. Tap and hold the Shift key while you click Restart.
  4. Choose Advanced options from the Troubleshooting menu.
  5. Select Startup Settings and click Restart.
  6. Press the F4 key to restart in Safe Mode.

How to remove Exotic Ransomware from Windows

  1. Tap Win+E to open File Explorer.
  2. Delete the file you saved from the spam mail.
  3. Delete the malicious file ("Microsoft Audiodriver.exe”) in the "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" directory.
  4. Empty your Recycle Bin and reboot your system in Normal Mode.
100% FREE spyware scan and
tested removal of Exotic Ransomware*

Leave a Comment

Enter the numbers in the box to the right *