Meet ransomware which wears the face of former president Barack Obama

The peculiar malware asks victims for a "tip" in return for a decryption key.
Written by Charlie Osborne, Contributing Writer

When ransomware first began to infest our home systems, cybercriminals would often use the threat of the FBI and law enforcement to frighten victims enough to pay up.

It's unusual, though, to see the face of a former head of a country as a brand of malware.

Barack Obama's Everlasting Blue Blackmail Virus Ransomware, as tweeted by MalwareHunterTeam, is perhaps one of the more peculiar strains of ransomware which have emerged over the course of this year.

The Windows-based malware is distributed through spam and phishing campaigns and will first scan an infected system for processes associated with antivirus solutions.

As reported by Bleeping Computer, the Obama ransomware will then scan for files ending in .EXE, before encrypting them. Registry keys associated with the executable files are also tampered with so that every time an .EXE file is launched, the virus will, too.
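A defender can check for this kind of .EXE handler tampering by comparing the file association against the Windows defaults. The sketch below is an added example, not code from the article or the reports it cites; the registry keys and stock values are standard Windows defaults assumed here (the article does not name the keys), and the exported text and handler path are constructed.

```python
import re

# Stock Windows defaults for the .exe association (general Windows values;
# the article does not name the exact keys this ransomware changes).
EXPECTED = {
    r".exe": "exefile",
    r"exefile\shell\open\command": '"%1" %*',
    r"exefile\shell\runas\command": '"%1" %*',
}
# HKCU\Software\Classes overrides the machine-wide entries, so check both.
ROOTS = ("HKEY_CLASSES_ROOT\\", "HKEY_CURRENT_USER\\Software\\Classes\\")

# Constructed sample of `reg export` text; the handler path is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\Public\\placeholder.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
'''

def parse_reg_defaults(text):
    """Map each [key] in .reg export text to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r"\1", line[3:-1])
    return defaults

def find_hijacks(text):
    """Return (key, found, expected) for each .exe handler that is not stock."""
    findings = []
    for key, value in parse_reg_defaults(text).items():
        for root in ROOTS:
            if key.upper().startswith(root.upper()):
                want = EXPECTED.get(key[len(root):].lower())
                if want is not None and value.strip().lower() != want.lower():
                    findings.append((key, value, want))
    return findings

if __name__ == "__main__": print(find_hijacks(SAMPLE))
```

Feed it the text of a `reg export` of the `.exe` and `exefile` keys, decoded from the UTF-16 that `reg export` writes; any finding means launching an executable runs something other than the executable itself.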

Ransomware usually encrypts content such as documents and media to force victims to pay a blackmail 'fee' to retrieve their files.

This form of malicious code rarely tampers with system files or processes, as doing so may cause potentially irrevocable damage to an infected PC: should the machine crash and become fully inaccessible, there is heartbreak for the victim but no incentive to pay.

However, in the Obama ransomware's case, the malware will seek to encrypt .EXE files in Windows folders, which may cause such damage. This could be the result of inept developers or an oversight on their part.

Once the malware has performed its scans and encrypted files, the following message is displayed alongside an image of former US president Obama:

"Hello, your computer is encrypted by me! Yeah, that means your EXE file isn't open! Because I encrypted it.
So you can decrypt it, but you have to tip it. This is a big thing. You can email this email: 2200287831@qq.com gets more information."

Fossbytes reports that the ransomware also erases all the Shadow Volume Copies from infected Windows machines, which will make file recovery more difficult to accomplish.

The ransomware is detected by 45 out of 68 antivirus solutions, according to VirusTotal.

As painful as it can be, you should not give in and pay up if your system is infected with ransomware. Cybersecurity firms are releasing free decryption keys on a constant basis, and should you submit to blackmail, this would only fuel the ransomware industry further.
