
Hentai Onichan Ransomware

Posted: March 17, 2020

The Hentai Onichan Ransomware is a file-locker Trojan that's a variant of the prior Quimera Ransomware. Apart from differences in its ransom notes and extensions, it attacks in the same way as its ancestor, 'locking' files on your computer by encrypting them. Users can, as always, save and recover their work with appropriate backups and let reliable anti-malware products manage the removal of the Hentai Onichan Ransomware.

The Start of the Quimera Ransomware Family

Small families of file-locking Trojans, while not as economically substantial as their Ransomware-as-a-Service counterparts like the Djvu Ransomware or the Crysis Ransomware, are scarcely any less deadly to victims' files. After the recent confirmation of a newly-sampled, independent Trojan, the Quimera Ransomware, malware experts are unsurprised at finding another variant of it, just two months later. The Hentai Onichan Ransomware, however, is more than a copy-and-paste project, and shows some strange alterations in its extortion 'business service.'

The Hentai Onichan Ransomware – its name is a possible reference to a Japanese fetish – is, just like the Quimera Ransomware, a 32-bit Windows program. Samples use semi-random, false copyright information and names such as 'opera32' (the 'Opera' browser), 'svchst' (a reference to a Windows component), and 'skypeapp' to fake their identities. As always, the core feature of this file-locker Trojan's payload is blocking files such as documents and other media from opening, which it does by encrypting them.
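As an added example (not part of the original article or any vendor's tooling), the masquerade names above can be used to triage a process inventory. The inventory format, the sample paths and the short list of protected system names are assumptions made for illustration, and the check goes slightly beyond the article by also flagging one-character near-misses of those system names.

```python
# Added example: triage a process inventory for the masquerade names above.
# The inventory format and the PROTECTED list are assumptions, not from the page.
from pathlib import PureWindowsPath

# Names the page reports samples using (a match is a triage lead, not a verdict).
REPORTED_NAMES = {"opera32", "svchst", "skypeapp"}
# Assumed short list of legitimate names worth guarding against near-misses.
PROTECTED = {"svchost", "lsass", "explorer"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def stem(image_path: str) -> str:
    """Lower-cased file name without extension, e.g. 'svchst'."""
    return PureWindowsPath(image_path).stem.lower()


def triage(image_paths):
    """Return (path, reason) pairs for images that deserve a closer look."""
    findings = []
    for path in image_paths:
        name = stem(path)
        if name in REPORTED_NAMES:
            findings.append((path, "name reported for samples"))
        elif name not in PROTECTED and any(edit_distance(name, p) == 1 for p in PROTECTED):
            findings.append((path, "near-miss of a system binary name"))
    return findings


# Constructed sample inventory (not real telemetry).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Roaming\svchst.exe",
    r"C:\Users\alice\Downloads\Opera32.exe",
    r"C:\Temp\svch0st.exe",
    r"C:\Program Files\Editor\editor.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```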

Unlike the Quimera Ransomware, the Hentai Onichan Ransomware makes some changes to the Notepad message it gives to victims for selling its unlocker. The Hentai Onichan Ransomware asks for a vast Bitcoin sum of thirty coins (equal to over one hundred thousand USD), identifies itself by its name, and uses a new address for its wallet. The latter, unsurprisingly, has no payments. Typically, malware experts anticipate ransoms of this size being leveraged against business or government entities, such as networks using non-secure passwords.

Sparing Yourself of Poverty and Your Files of Encryption

Ransom payments to criminals for decryptors not only incur significant expenses but run risks such as being ignored after making the payment or being given a faulty unlocking service that corrupts the files. Users can depend on appropriately-secure backups as both the cheapest and most reliable way of getting data back. Accordingly, malware analysts always recommend saving copies of essential files to USBs, DVDs, cloud services and similar locations.

The Hentai Onichan Ransomware lacks the browser-blocking features of threats like the STOP Ransomware, a Ransomware-as-a-Service, and the en masse data deletion of the Jigsaw Ransomware. However, it remains threatening to any Windows user's files, and, presently, there is no freeware decryptor available for it. Users can vet their download sources for dangers, disable browser scripts, and scan torrents and e-mail attachments as potential ways of blocking the Hentai Onichan Ransomware's installation tactics.

Detection rates for the Hentai Onichan Ransomware are hovering slightly below the percentages of most Ransomware-as-a-Service counterparts, on an industry-wide scale. Users should update their anti-malware products, whenever possible, for accurately containing and deleting the Hentai Onichan Ransomware.

The Hentai Onichan Ransomware's name may be a Japanese aficionado's idea of a joke, but there's little amusing about what it does to a computer. No matter how annoying it is, a few minutes a week of backing up your work is cheaper than paying thirty Bitcoins.
