OhNo Ransomware

Posted: August 31, 2017
Threat Metric
Threat Level: 10/10
Infected PCs 29

OhNo Ransomware Description


The OhNo! Ransomware is a threat that encrypts media on your PC to hold it hostage until you pay a ransom with the Monero crypto currency. It usually will use misleading file data to disguise itself as another program, with pop-ups and other symptoms appearing after it finishes locking your files. Because decryption for free has yet to be available, malware experts suggest that you back up your content and have anti-malware programs block or remove the OhNo! Ransomware in appropriate circumstances.

The File-Snatching 'Web Browser'

Fake freeware and shareware downloads are one of the most conventional methods of circulating Trojans and other sub-types of threatening software. Threat actors without any desire to compromise relatively secure targets, such as business sector entities or a government branch's networks, often rely on the victims downloading their misnamed software at random. Such attacks appear to be at the epicenter of the OhNo! Ransomware's campaign: a new brand of Trojan specializing in file-ransoming encryption.

The OhNo! Ransomware's executable describes itself as being the Chrome Web browser, a free Web-browsing program with a substantial user base. Although it has a more limited encryption whitelist than most Trojans of its kind, the OhNo! Ransomware does encipher the Windows profile's media folders, as well as the contents of the desktop, and the default Windows Downloads folder. It uses an AES-based cipher for blocking the victim's files, and malware experts find no immediate vulnerabilities for allowing a third-party to crack it.

All files that the OhNo! Ransomware locks will have appended '.OhNo!' extensions in their names. The Trojan swaps the desktop's wallpaper with a statue-themed image it includes in its payload additionally. It generates a Windows message box for displaying its ransoming message, which asks the user to pay Monero currency to decode and unlock their media.

Just Saying No to a Fake Browser

As the most popular Web-browsing application of the past few years, Chrome is equally favorable as a disguise for Trojans that use consensual download and install methods. Always go to an official website or download resources endorsed by one before trusting a download of a well-known product like Chrome, Firefox or Edge. Although most versions of the OhNo! Ransomware will have misleading names and file data, the Trojan has a minimum of defense against being identified by most brands of dedicated anti-malware software.

Delaying any response to the OhNo! Ransomware until symptoms are apparent can cause permanent damage to your documents and other files. Having secure backups can keep file-encrypting threats from taking your media hostage, and paying ransoms, cryptocurrency ones like Monero or Bitcoin particularly don't always provide access to a decryptor. Always disinfect your PC with anti-malware products that can remove the OhNo! Ransomware safely while also determining whether any other threats are arriving through the same infection vector.

The growth of technology also comes with downsides, such as letting remote attackers reach into your PC and collect your digital belongings potentially. Doing what you can to protect your files before a problem's arrival can cripple the profitability of campaigns like the OhNo! Ransomware's fake Chrome attacks.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to OhNo Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware OhNo Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.