
OGONIA Ransomware

Posted: August 9, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 410
First Seen: August 9, 2017
Last Seen: February 21, 2023
OS(es) Affected: Windows

The OGONIA Ransomware is a variant of the CryptMix Ransomware, a file-locking Trojan that may spread through website vulnerabilities. Victims of an OGONIA Ransomware infection can expect symptoms including significant filename changes, an inability to open the encrypted media, and text messages asking them to contact the threat actor's e-mail address for recovery. Malware experts always recommend free recovery strategies over paying the ransom, and anti-malware products that already detect this family should also delete the OGONIA Ransomware.

Serving Up Another Trojan Mix-Up

The CryptMix Ransomware (or 'Cryptomix') family continues to grow with new variants, most likely through the involvement of third-party threat actors. The latest variant, the OGONIA Ransomware, shows few symptoms beyond the conventional encryption attack, changes to the names of the locked files, and a brief ransom message. However, the OGONIA Ransomware's limited payload remains just as effective at blocking data and holding it for ransom, and no free decryptor is currently available.

After loading, the OGONIA Ransomware searches the file system for files of various formats to encrypt and hold for ransom. This attack can cover hundreds of data types, particularly documents, pictures, and databases, and the Trojan may terminate other processes that hold those files open and would otherwise limit its access to them. The locked files have their original names Base64-encoded, which gives them the appearance of semi-random alphanumeric strings, and the OGONIA Ransomware appends a unique '.OGONIA' extension for labeling purposes.
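Because the renamed files keep their original names in Base64, an analyst can recover the original filenames without any decryption key, which helps scope an incident (which documents and databases were hit) before any recovery attempt. The script below is an added example for this page, not code from the Trojan or from the original article. The article only states that the stem is Base64 and that the extension is '.OGONIA'; which Base64 alphabet is used and whether '=' padding survives are assumptions, so the decoder tolerates both. The sample listing is constructed for illustration, and the `simulate_ogonia_rename` helper is a stand-in used only to generate sample input.

```python
import base64
import binascii

# Extension the article reports for this variant. It is compared
# case-insensitively because the victim's NTFS volume is case-insensitive.
OGONIA_EXT = ".OGONIA"


def decode_ogonia_name(renamed):
    """Recover the original filename from '<base64-stem>.OGONIA'.

    Assumption: the article only says the stem is Base64, so both the standard
    and the URL-safe alphabet are tried and missing '=' padding is tolerated.
    Returns None when the name is not a recoverable OGONIA name.
    """
    if not renamed.upper().endswith(OGONIA_EXT):
        return None
    stem = renamed[:-len(OGONIA_EXT)]
    if not stem:
        return None
    padded = stem + "=" * (-len(stem) % 4)
    raw = None
    for altchars in (None, b"-_"):          # standard alphabet first, then URL-safe
        try:
            raw = base64.b64decode(padded, altchars=altchars, validate=True)
            break
        except (binascii.Error, ValueError):
            continue
    if raw is None:
        return None
    try:
        original = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # The decoded bytes are attacker-controlled. Refuse anything that could
    # escape the directory or break a path if the result is later used to rename.
    if not original or original in (".", "..") or any(c in original for c in "/\\\x00"):
        return None
    return original


def build_inventory(names):
    """Map each renamed file to its recovered original name. Names that cannot be
    decoded are returned separately so an analyst can inspect them by hand."""
    recovered, unrecoverable = {}, []
    for name in names:
        original = decode_ogonia_name(name)
        if original is None:
            unrecoverable.append(name)
        else:
            recovered[name] = original
    return recovered, unrecoverable


def simulate_ogonia_rename(original):
    """Constructed stand-in for the renaming step (standard Base64 of the name
    plus the extension). Used here only to generate sample input."""
    return base64.b64encode(original.encode("utf-8")).decode("ascii") + OGONIA_EXT


# Constructed sample directory listing: two hand-encoded names, one with its
# padding stripped, one with a lowercase extension, one that is not Base64 at
# all, and one untouched file.
SAMPLE_LISTING = [
    "bm90ZXMudHh0.OGONIA",      # notes.txt
    "aGVsbG8.OGONIA",           # hello (padding stripped)
    "aGVsbG8=.ogonia",          # hello (extension case differs)
    "not base64!.OGONIA",       # not decodable
    "budget.xlsx",              # not renamed
    simulate_ogonia_rename("Quarterly Report.docx"),
]

if __name__ == "__main__":
    found, unknown = build_inventory(SAMPLE_LISTING)
    for renamed, original in found.items():
        print(f"{renamed} -> {original}")
    print("unrecoverable:", unknown)
```

Recovering the name does not recover the content: the inventory only tells you what was encrypted. Do not feed the decoded names straight into a bulk rename; the path-separator check above exists because the decoded string comes from the attacker's encoding of whatever was on disk.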

The OGONIA Ransomware's operator uses a simple ransom note that contains a custom-generated ID for the victim and an e-mail address for negotiating ransom payments for the file-unlocking decryptor. Typos in the English text suggest that the threat actor is young or a non-native speaker, although such limitations imply nothing about the quality of the rest of the OGONIA Ransomware's code, since it is based on the well-funded CryptMix Ransomware family.

Sealing the CryptMix Ransomware's Offspring Back in Its Crypt

Different versions of the OGONIA Ransomware's family may install themselves through websites built for threatening purposes, compromised through ad-serving networks, or hacked and edited by remote attackers. These drive-by-download attacks may use exploit kits (EKs) like the RIG Exploit Kit to install Trojans automatically by taking advantage of vulnerabilities in content such as Flash and JavaScript. PC users should examine any new links carefully before clicking them, particularly if their Web browsers are not using strict security settings.

Typically, the CryptMix Ransomware's variants use a variation of AES-based encryption to lock the user's files. While this encryption method sometimes is suitable for free decryption, this Trojan family has changed its encryption methods several times over time. Malware experts advise creating copies of any encrypted files before testing them against decryption software, since an incompatible decryptor can cause further damage. Remotely-saved backups provide a non-decryption-based recovery path, and anti-malware products may delete the OGONIA Ransomware or block the browser-based threats that handle its distribution.
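The advice to copy encrypted files before trying a decryptor is easy to state and easy to get wrong (copies that the tool can still overwrite, or no way to prove afterwards that the originals are untouched). The script below is an added example for this page, not code from the original article or from any decryptor, showing one way to do it: collect every '.OGONIA' file into a read-only evidence set with a SHA-256 manifest, run any decryption trial only on a separate writable working copy, and re-hash both sets afterwards to see what the tool changed. The directory layout, the sample files and the "faulty decryptor" stand-in are all constructed for the demonstration.

```python
import hashlib
import json
import os
import shutil
import stat
import tempfile
from pathlib import Path

# Extension the article reports for this variant; matched case-insensitively
# because the victim file system (NTFS) is case-insensitive.
OGONIA_EXT = ".OGONIA"


def sha256_of(path):
    """Stream a file through SHA-256 so large media files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_encrypted_files(victim_dir, evidence_dir):
    """Copy every encrypted file under victim_dir into evidence_dir, keep the
    original timestamps, make each copy read-only and return {relative path: sha256}.
    A sha256sum-compatible manifest is written next to the copies."""
    victim_dir, evidence_dir = Path(victim_dir), Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in victim_dir.rglob("*"):
        if not src.is_file() or not src.name.upper().endswith(OGONIA_EXT):
            continue
        rel = src.relative_to(victim_dir)
        dst = evidence_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)              # copy2 preserves mtime/atime for timelining
        os.chmod(dst, stat.S_IREAD)         # read-only so a misbehaving tool cannot overwrite it
        manifest[rel.as_posix()] = sha256_of(dst)
    with open(evidence_dir / "manifest.sha256", "w", encoding="utf-8") as fh:
        for rel, digest in sorted(manifest.items()):
            fh.write(f"{digest}  {rel}\n")  # the format `sha256sum -c` accepts
    return manifest


def verify_against_manifest(directory, manifest):
    """Return the relative paths whose content no longer matches the manifest
    (or which are missing). An empty list means nothing was altered."""
    directory = Path(directory)
    changed = []
    for rel, expected in manifest.items():
        candidate = directory / rel
        if not candidate.is_file() or sha256_of(candidate) != expected:
            changed.append(rel)
    return sorted(changed)


def make_working_copy(evidence_dir, work_dir):
    """Writable scratch copy of the evidence set. Decryptors are tried here, never on the originals."""
    evidence_dir, work_dir = Path(evidence_dir), Path(work_dir)
    for src in evidence_dir.rglob("*"):
        if src.is_file() and src.name != "manifest.sha256":
            dst = work_dir / src.relative_to(evidence_dir)
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(src, dst)
            os.chmod(dst, stat.S_IREAD | stat.S_IWRITE)


def run_demo(root=None):
    """Constructed walkthrough on a throwaway tree (sample data, not a real infection)."""
    if root is None:
        with tempfile.TemporaryDirectory() as tmp:
            return run_demo(tmp)
    root = Path(root)
    victim, evidence, work = root / "victim", root / "evidence", root / "work"
    (victim / "docs").mkdir(parents=True)
    # Constructed stand-ins for encrypted files: opaque bytes behind the reported extension.
    (victim / "docs" / "bm90ZXMudHh0.OGONIA").write_bytes(os.urandom(256))
    (victim / "aGVsbG8.OGONIA").write_bytes(os.urandom(1024))
    (victim / "untouched.txt").write_bytes(b"not encrypted, so not collected")

    manifest = snapshot_encrypted_files(victim, evidence)
    make_working_copy(evidence, work)

    # Stand-in for an incompatible decryptor that corrupts what it touches:
    # it overwrites one working copy with garbage. The evidence set is untouched.
    (work / "aGVsbG8.OGONIA").write_bytes(b"\x00" * 16)

    return {
        "collected": sorted(manifest),
        "evidence_changed": verify_against_manifest(evidence, manifest),
        "work_changed": verify_against_manifest(work, manifest),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The manifest is the important artifact: after any decryption attempt, `verify_against_manifest` on the evidence set must come back empty, and the list it returns for the working copy tells you exactly which files the tool rewrote, so a decryptor that only damaged the copies costs nothing but the scratch space.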

Despite their seemingly out-of-hand growth, families of threatening software like the OGONIA Ransomware's remain far from beyond the control of the ordinary PC owner. Backing up files and practicing safe Web-browsing habits can deprive threat actors of the income that makes creating Trojans like the OGONIA Ransomware financially worthwhile.
