Exorcist 2.0 ransomware is pushed by fake software crack sites

Security researcher Nao_Sec discovered, that PopCash malicious advertisement is used to redirect users to fake crack websites, that actually distribute Exorcist 2.0 ransomware. The crack sites use download links for various copyright protected breaching software (for example Windows 10 activator) as a disguise for the ransomware distribution. The actual download contains password-protected zip file and text file with its password. That allows the download to go under the radar of security software. Running the setup program will cause the encryption of system files with links to payment sites. Victims are allowed to decrypt one file and to chat with threat actors to ransom the money. The ransom price varies from 250$ to 10000$ and possibly even higher. Read more...