Meet ransomware which wears the face of former president Barack Obama

Sept. 6, 2018

When ransomware first began to infest our home systems, cybercriminals would often use the threat of the FBI and law enforcement to frighten victims enough to pay up.

It’s unusual, though, to see the face of a former head of a country as a brand of malware.

Barack Obama’s Everlasting Blue Blackmail Virus Ransomware, as tweeted by MalwareHunterTeam, is perhaps one of the more peculiar strains of ransomware which have emerged over the course of this year.

The Windows-based malware is distributed through spam and phishing campaigns and will first scan an infected system for processes associated with antivirus solutions.

As reported by BleepingComputer, the Obama ransomware will then scan for files ending in .EXE, before encrypting them. Registry keys associated with the executable files are also tampered with so that every time an .EXE file is launched, the virus will, too.
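A defender-side check for the .EXE handler tampering described above, as an added example that is not from the original article or the reports it cites. The article does not name the registry keys, so this assumes the standard Windows handler location `exefile\shell\open\command` with its stock default `"%1" %*`, and it runs over a constructed `.reg` export.

```python
import re

# Known-good defaults for the Windows .exe file association (assumed keys, see lead-in).
EXPECTED = {".exe": "exefile", r"exefile\shell\open\command": '"%1" %*'}
# Roots under which the association can be defined (merged view and per-hive).
ROOTS = ("HKEY_CLASSES_ROOT\\", "HKEY_CURRENT_USER\\Software\\Classes\\",
         "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\")

def parse_reg_defaults(text):
    """Return {key_path: default_value} from .reg export text (REG_SZ only)."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg files escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r'\\(["\\])', r"\1", m.group(1))
    return defaults

def audit_exe_association(text):
    """List (key, found, expected) for every .exe handler value that differs."""
    findings = []
    for key, value in parse_reg_defaults(text).items():
        for root in ROOTS:
            if key.lower().startswith(root.lower()):
                sub = key[len(root):].lower()
                if sub in EXPECTED and value != EXPECTED[sub]:
                    findings.append((key, value, EXPECTED[sub]))
    return findings

# Constructed sample export: HKCR is clean, the per-user override is not.
# "C:\Users\Public\sample.exe" is a made-up path, not an indicator from the report.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\Public\\sample.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, found, expected in audit_exe_association(SAMPLE):
        print(f"MODIFIED {key}: {found!r} (expected {expected!r})")
```

Exports written by regedit or `reg export` are UTF-16, so decode the file (for example with `open(path, encoding="utf-16")`) before passing its text in.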

Ransomware usually encrypts content such as documents and media to force victims to pay a blackmail “fee” to retrieve their files.

It is not often that this form of malicious code tampers with system files or processes, since doing so may cause potentially irrevocable damage to an infected PC: should the machine crash and become fully inaccessible, there is heartbreak for the victim but no incentive to pay.

However, in the Obama ransomware’s case, the malware will seek to encrypt .EXE files in Windows folders, which may cause such damage. This could be the result of inept developers or an oversight on their part.

Once the malware has performed its scans and encrypted files, the following message is displayed alongside an image of former US president Obama:

“Hello, your computer is encrypted by me! Yeah, that means your EXE file isn’t open! Because I encrypted it.

So you can decrypt it, but you have to tip it. This is a big thing. You can email this email: [email protected] gets more information.”

ZDNet has the story