Exploit6 Ransomware Encrypts Files & Demands Money


Exploit6 is the name of a newly discovered ransomware strain. It does not appear to belong to any larger ransomware family.

Exploit6 encrypts files on the targeted system, leaving their contents unreadable. Each encrypted file has the ".exploit6" extension appended after its original extension, so a file named "image.jpg" becomes "image.jpg.exploit6".

The encryption process will affect documents, media files, archives and databases. Files that are essential to the operation of Windows will remain intact.

The ransom note is dropped as a plain text file named "READMI.txt". The full ransom note reads as follows:

Attention! All your files are encrypted!

To restore your files and access them, send an SMS with the text - to the User Telegram @root_exploit6

You have 1 attempts to enter the code. If this amount is exceeded, all data will irreversibly deteriorate. Be careful when entering the code!

Glory exploit dot in

It is not clear what code the ransomware operator expects, as no victim code appears in the note itself or in the names of the encrypted files. This might mean that the ransomware works as a wiper, as there might not be a way to recover files.
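For scoping an incident, the two indicators described above (the appended ".exploit6" extension and the "READMI.txt" note) can be inventoried read-only across a share or mounted image. The following is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
from collections import Counter
from pathlib import Path

# Indicators taken from the article: appended extension and ransom note name.
ENCRYPTED_SUFFIX = ".exploit6"
NOTE_NAME = "readmi.txt"  # compared case-insensitively


def triage(root):
    """Walk `root` and summarise Exploit6 artefacts without modifying anything."""
    encrypted, notes, by_ext = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, path = name.lower(), Path(dirpath) / name
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # "image.jpg.exploit6" -> "image.jpg"
                original = name[: -len(ENCRYPTED_SUFFIX)]
                encrypted.append((path, original))
                by_ext[Path(original).suffix.lower() or "(none)"] += 1
    return {
        "encrypted": encrypted,            # (encrypted path, original file name)
        "notes": notes,                    # ransom note locations
        "by_original_ext": dict(by_ext),   # which file types were hit
        "affected_dirs": sorted({str(p.parent) for p, _ in encrypted}),
    }


def build_sample_tree(root):
    """Constructed sample data (not real victim files) so the example runs offline."""
    root = Path(root)
    (root / "docs").mkdir(parents=True)
    (root / "pics").mkdir()
    for rel in ("docs/report.docx.exploit6", "docs/db.sqlite.exploit6",
                "pics/image.jpg.exploit6", "pics/untouched.png", "docs/READMI.txt"):
        (root / rel).write_bytes(b"constructed sample")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(Path(tmp) / "share"))
        print(len(result["encrypted"]), "encrypted;", len(result["notes"]), "note(s)")
        for ext, count in sorted(result["by_original_ext"].items()):
            print(f"  {ext}: {count}")
```

The per-extension counts and the list of affected directories indicate which backups need to be restored and how far the encryption spread.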

September 26, 2022