Exorcist Ransomware

The Exorcist Ransomware is a newly identified data-locker that targets unsuspecting users online. Threats like the Exorcist Ransomware are very threatening, as they would encrypt all your files and make them unusable. After encrypting the data, the ransomware threat would demand that the user pay a fee to receive a decryptor.

Propagation and Encryption

The Exorcist Ransomware is likely delivered to users via spam emails. These phishing emails usually contain a corrupted link or a fraudulent attached file, which carries the payload of the threat. Among other popular distribution methods are:

• Fake application downloads and updates.
• corrupted advertisements.
• Bogus social media profiles.
• Torrent trackers.
• Fraudulent, pirated copies of video games or popular applications.

Upon infiltrating your PC, the Exorcist Ransomware will scan your data. This data-locker goes after .ppt, .pptx, .doc, .docx, .txt, .pdf, .xlsx, .xls, .db, .zip, .rar, .jpeg, .jpg, .svg, .png, .bmp, .gif, .mp3, .midi, .mid, .aac, .wav, .mp4, .mov, .webm and many other filetypes. This means that nearly all the data present on your computer will be securely encrypted. The Exorcist Ransomware marks the encrypted files by adding a new extension to their names. In the case of the Exorcist Ransomware, the extension appears to be a random string of six characters. It would appear that this file-locker generates a new and unique extension for each victim.

The Ransom Note

After encrypting the files, the Exorcist Ransomware will drop a ransom note named ‘<random 6-char ext>-decrypt.hta.’ In the ransom note, the attackers ask to be paid $5000 in Bitcoin. The attackers include instructions in regard to obtaining Bitcoin for users who have no experience with cryptocurrencies. The authors of the Exorcist Ransomware offer to unlock one file for free. The requirements are that the file is an image (BMP, JPG, or PNG), does not contain important information, and does not exceed 3MB in size.

It is best to ignore the demands of cybercriminals. There is no reason to fund their criminal activity as paying up does not guarantee you that you will receive the decryption key that you need to recover your files. It is advisable to consider investing in a reputable, modern anti-virus software suite that will remove the Exorcist Ransomware from your system.