Exorcist 2.0 Ransomware

The authors of the Exorcist Ransomware were not happy with the state of their file-locker apparently, and they decided to release a second version, which is supposed to include various improvements. The threat, called Exorcist 2.0 Ransomware conveniently, is able to lock a wide variety of files. Once the Exorcist 2.0 Ransomware takes a file hostage, it will append a new extension to its name. This version of the malware appears to generate a random victim ID that will be used in the names of locked files, as well as in the name of the ransom note. For example, if the document '1.docx' was locked by the Exorcist 2.0 Ransomware, it could be named '1.docx.KJAkZ.'

Just like the original Exorcist Ransomware, this one also uses the ransom note called '<VICTIM ID>-decrypt.hta.' Apparently, the malware authors have not bothered to make any changes to the Exorcist 2.0 Ransomware's obvious changes, but they have implemented a new file-encryption algorithm. Unfortunately, the Exorcist 2.0 Ransomware is not decryptable for free at the time of writing this post, and its victims might find it difficult to get their files back.

Exorcist 2.0 Ransomware's ransom note advises the victim to visit a TOR-based payment portal, as well as prepare a ransom fee of $300. As usual, ransomware criminals do not operate with traditional currencies and, instead, they want to receive the payment via Bitcoin. Co-operating with the criminals behind the Exorcist 2.0 Ransomware project is not a good idea, and you should avoid messaging them. The advice is to run a suitable anti-malware tool and then look for reliable data restoration tools and options.