OGONIA Ransomware

Posted: August 9, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 297

OGONIA Ransomware Description

The OGONIA Ransomware is a variant of the CryptMix Ransomware, a file-locking Trojan that may spread via website vulnerabilities. Victims of OGONIA Ransomware infections can expect symptoms including significant filename changes, being unable to open the encrypted media, and text messages asking them to contact the threat actor's e-mail address for recovery. Malware experts always recommend other, free recovery strategies, and anti-malware products that previously detected this family should also delete the OGONIA Ransomware.

Serving Up Another Trojan Mix-Up

The CryptMix Ransomware (or 'Cryptomix') family continues growing with new variants, most likely thanks to the influence of third-party threat actors. The latest variant, the OGONIA Ransomware, shows few symptoms besides the conventional encryption attack, changes to the names of the locked files, and a brief ransom message. However, the OGONIA Ransomware's limited payload is just as useful as ever for blocking data and holding it for ransom, with no free decryptors currently in sight.

After loading, the OGONIA Ransomware searches the file system for different file formats to encrypt and hold for ransom. This attack can include hundreds of data types, particularly documents, pictures, and databases, and the Trojan may auto-terminate other processes that limit its access. The blocked files have their names encoded in Base64, which gives them the appearance of semi-random alphanumeric strings. The OGONIA Ransomware also uses a unique extension, '.OGONIA,' for labeling purposes.
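The naming pattern described above can be turned into a triage check over a file listing. The following Python is an added example, not code from the original page: it flags paths carrying the '.OGONIA' extension and separates those whose name also looks like Base64. The sample paths, function names and the eight-character minimum are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

EXTENSION = ".ogonia"  # the '.OGONIA' extension, compared case-insensitively
# Base64 alphabet as it can appear in a Windows file name ('/' is not allowed
# there, so URL-safe '-' and '_' are accepted too), with optional padding.
# Assumption: stems shorter than 8 characters are not treated as encoded names.
B64_STEM = re.compile(r"[A-Za-z0-9+_-]{8,}={0,2}")

def looks_base64(stem):
    """Heuristic: Base64 characters only, and a length Base64 can produce."""
    if not B64_STEM.fullmatch(stem):
        return False
    return len(stem.rstrip("=")) % 4 != 1

def classify(path):
    """Return 'likely', 'extension-only' or None for one Windows path."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != EXTENSION:
        return None
    return "likely" if looks_base64(p.stem) else "extension-only"

def triage(paths):
    """Classify every path and count flagged files per directory."""
    hits, per_dir = {}, Counter()
    for path in paths:
        verdict = classify(path)
        if verdict:
            hits[path] = verdict
            per_dir[str(PureWindowsPath(path).parent)] += 1
    return hits, per_dir

# Constructed file listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\Qk9HVVNfU0FNUExF.OGONIA",
    r"C:\Users\alice\Documents\ZXhhbXBsZV9maWxl.ogonia",
    r"C:\Users\alice\Pictures\holiday 2017.OGONIA",
    r"C:\Users\alice\Pictures\holiday 2017.jpg",
    r"D:\Shares\db\bm90X3JlYWxfZGI.OGONIA",
]

if __name__ == "__main__":
    hits, per_dir = triage(SAMPLE)
    for path, verdict in hits.items():
        print(f"{verdict:15} {path}")
    for folder, count in per_dir.most_common():
        print(f"{count:3} {folder}")
```

An 'extension-only' result means the extension matches but the name does not fit the Base64 pattern, so it deserves a manual look rather than automatic handling.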

The OGONIA Ransomware's administrator uses a simple ransom note that contains a custom-generated ID for the victim's use and an e-mail address for negotiating ransom payments for the file-unlocking decryptor. Typos in the English text indicate that the threat actor is young or a non-native speaker, although such limitations say nothing about the quality of the rest of the OGONIA Ransomware's code, since it is based on the well-funded CryptMix Ransomware family.

Sealing the CryptMix Ransomware's Offspring Back in Its Crypt

Different versions of the OGONIA Ransomware's family may install themselves through websites that may be designed with threatening purposes, compromised through ad-serving networks, or hacked and edited by remote attackers. These drive-by-download attacks may use exploit kits (EKs) like the RIG Exploit Kit for installing Trojans automatically by taking advantage of vulnerabilities in content like Flash and JavaScript. PC users should check any new links carefully before clicking them, particularly if their Web browsers aren't using strict security settings.

Typically, the CryptMix Ransomware's variants use a variation of AES-based encryption for locking the user's files. While this encryption method is sometimes suitable for free decryption, this Trojan family has undergone various changes to its encrypting methods over time. Malware experts advise creating copies of any encoded files before testing them with decryption software, which could cause further damage if it is incompatible. Remotely saved backups can provide a non-decryption-based recovery, and anti-malware products may delete the OGONIA Ransomware or block any browser-based threats that handle its distribution.

Despite their seemingly out-of-hand growth, families of threatening software like the OGONIA Ransomware's collective are far from being out of the control of the ordinary PC owner. Backing up files and practicing safe Web-browsing behavior can deprive threat actors of the income that makes creating Trojans like the OGONIA Ransomware financially worthwhile.
