Exorcist
Intelligence Profile
According to PCrisk, Exorcist is a ransomware-type malicious program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with an extension consisting of a ransom string of characters.
For example, a file originally named "1.jpg" could appear as something similar to "1.jpg.rnyZoV" following encryption. After this process is complete, Exorcist ransomware changes the desktop wallpaper and drops HTML applications - "[random-string]-decrypt.hta" (e.g. "rnyZoV-decrypt.hta") - into affected folders. These files contain identical ransom messages.
Threat Analysis
Exorcist is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
Financially motivated threat actors like Exorcist prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, Exorcist is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.