OGONIA Ransomware Description
The OGONIA Ransomware is a variant of the CryptMix Ransomware, a file-locking Trojan that may spread via website vulnerabilities. Victims of OGONIA Ransomware infections can expect symptoms including significant filename changes, being unable to open the encrypted media, and text messages asking them to contact the threat actor's e-mail address for recovery. Malware experts always recommend other, free recovery strategies, and anti-malware products that already detect this family should also delete the OGONIA Ransomware.
Serving Up Another Trojan Mix-Up
The CryptMix Ransomware (or 'Cryptomix') family continues growing with new variants, most likely thanks to the influence of third-party threat actors. The latest variant, the OGONIA Ransomware, shows few symptoms besides the conventional encryption attack, changes to the names of the locked files, and a brief ransom message. However, the OGONIA Ransomware's limited payload is just as useful as ever for blocking data and holding it for ransom, with no free decryptors currently in sight.
After loading, the OGONIA Ransomware searches the file system for different file formats to encrypt and hold for ransom. This attack can include hundreds of data types, particularly documents, pictures, and databases, and the Trojan may auto-terminate other processes that limit its access. The blocked files have their names encoded in Base64, which gives them the appearance of semi-random alphanumeric strings. The OGONIA Ransomware also appends a unique extension, '.OGONIA,' for labeling purposes.
The OGONIA Ransomware's administrator uses a simple ransom note that contains a custom-generated ID for the victim's use, and an e-mail address for negotiating ransom payments for the file-unlocking decryptor. Typos in the English text are indicative of the threat actor being young or a non-native speaker, although such limitations imply nothing qualitatively about the rest of the OGONIA Ransomware's code since it has a basis in the well-funded CryptMix Ransomware family.
Sealing the CryptMix Ransomware's Offspring Back in Its Crypt
Typically, the CryptMix Ransomware's variants use a variation of AES-based encryption for locking the user's files. While this encryption method sometimes is suitable for free decryption, this Trojan family has undergone various changes to its encrypting methods over time. Malware experts advise creating copies of any encoded files before testing them with decryption software, which could cause further damage if it is incompatible. Remotely-saved backups can provide a non-decryption-based recovery, and anti-malware products may delete the OGONIA Ransomware or block any browser-based threats that handle its distribution.
Although families of threatening software like the OGONIA Ransomware's collective seem to be growing out of hand, the ordinary PC owner is far from powerless against them. Backing up files and practicing safe Web-browsing behavior can deprive threat actors of the income that makes creating Trojans like the OGONIA Ransomware financially worthwhile.
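The naming scheme and the copy-before-decrypting advice described above, as an added Python example that is not part of the original article: it inventories '.OGONIA' files, decodes their Base64 names where possible so they can be matched against backups, and copies them unmodified to a separate folder. It assumes the Base64 stem is the UTF-8 original filename in the standard or URL-safe alphabet; the function names are illustrative.

```python
import base64
import shutil
from pathlib import Path

LOCKED_EXT = ".ogonia"  # extension named in the article, compared case-insensitively


def decode_locked_name(filename):
    """Return the decoded original name, or None if the stem is not Base64 text."""
    path = Path(filename)
    if path.suffix.lower() != LOCKED_EXT:
        return None
    stem = path.stem
    padded = stem + "=" * (-len(stem) % 4)  # tolerate stripped '=' padding
    try:
        # Assumption: standard or URL-safe alphabet, UTF-8 original names.
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        name = raw.decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return name if name and name.isprintable() else None


def inventory(root):
    """List (locked_path, decoded_name_or_None) for every locked file under root."""
    found = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() == LOCKED_EXT:
            found.append((path, decode_locked_name(path.name)))
    return found


def preserve_copies(root, evidence_dir):
    """Copy locked files, unmodified, to evidence_dir before any decryptor is tried."""
    evidence = Path(evidence_dir)
    evidence.mkdir(parents=True, exist_ok=True)
    copied = []
    for index, (path, _) in enumerate(inventory(root)):
        target = evidence / f"{index:06d}_{path.name}"  # index avoids name clashes
        shutil.copy2(path, target)  # keeps timestamps for later forensics
        copied.append(target)
    return copied
```

Point `evidence_dir` at a location outside `root`, ideally on separate media, so the preserved copies are not touched by later recovery attempts.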