
OhNo Ransomware

Posted: August 31, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 29
First Seen: August 31, 2017
OS(es) Affected: Windows


The OhNo! Ransomware is a threat that encrypts media on your PC to hold it hostage until you pay a ransom in the Monero cryptocurrency. It usually uses misleading file data to disguise itself as another program, with pop-ups and other symptoms appearing after it finishes locking your files. Because free decryption is not yet available, malware experts suggest that you back up your content and have anti-malware programs block or remove the OhNo! Ransomware in appropriate circumstances.

The File-Snatching 'Web Browser'

Fake freeware and shareware downloads are one of the most conventional methods of circulating Trojans and other sub-types of threatening software. Threat actors without any desire to compromise relatively secure targets, such as business sector entities or a government branch's networks, often rely on victims downloading their misnamed software at random. Such attacks appear to be at the center of the campaign for the OhNo! Ransomware, a new brand of Trojan specializing in file-ransoming encryption.

The OhNo! Ransomware's executable describes itself as the Chrome Web browser, a free Web-browsing program with a substantial user base. Although it has a more limited encryption whitelist than most Trojans of its kind, the OhNo! Ransomware does encipher the Windows profile's media folders, as well as the contents of the desktop and the default Windows Downloads folder. It uses an AES-based cipher to block the victim's files, and malware experts find no immediate vulnerabilities that would allow a third party to crack it.

All files that the OhNo! Ransomware locks will have '.OhNo!' extensions appended to their names. The Trojan additionally swaps the desktop's wallpaper with a statue-themed image that it includes in its payload. It generates a Windows message box to display its ransoming message, which asks the user to pay Monero currency to decode and unlock their media.
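A triage sketch for the symptoms described above, added here as an example and not taken from the original page: it walks the folders the Trojan targets and lists files carrying the '.OhNo!' extension, along with their original names and the earliest modification time. The folder names in `TARGET_DIRS` are an assumption about which "media folders" are meant, and the sample files are constructed.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MARKER = ".ohno!"  # the '.OhNo!' extension, lowercased (Windows names are case-insensitive)
# Assumption: the "media folders" are the standard Windows profile folders below.
TARGET_DIRS = ("Desktop", "Downloads", "Pictures", "Music", "Videos")

def scan_profile(profile):
    """Map folder name -> [(path, original_name, mtime)], oldest hit first."""
    report = {}
    for name in TARGET_DIRS:
        hits = []
        # os.walk yields nothing for a folder that does not exist
        for dirpath, _dirs, files in os.walk(Path(profile) / name):
            for fn in files:
                if not fn.lower().endswith(MARKER):
                    continue
                path = Path(dirpath) / fn
                try:
                    mtime = path.stat().st_mtime
                except OSError:  # file vanished or is unreadable; skip it
                    continue
                hits.append((path, fn[:-len(MARKER)], mtime))
        if hits:
            report[name] = sorted(hits, key=lambda h: h[2])
    return report

def first_locked(report):
    """Earliest modification time among hits, a rough indicator of when locking began."""
    times = [h[2] for hits in report.values() for h in hits]
    return datetime.fromtimestamp(min(times), timezone.utc) if times else None

def demo():
    """Run the scan over a constructed sample profile in a temporary directory."""
    samples = {"Desktop/report.docx.OhNo!": 1504180800,   # constructed names and times
               "Downloads/old/photo.jpg.OHNO!": 1504180860,
               "Pictures/untouched.png": 1504100000}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, ts in samples.items():
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"sample")
            os.utime(path, (ts, ts))
        report = scan_profile(tmp)
        names = {k: [h[1] for h in v] for k, v in report.items()}
        return names, first_locked(report)

if __name__ == "__main__":
    print(demo())
```

On a real machine, pass the affected user's profile directory to `scan_profile`; the resulting list shows which files need restoring from backup.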

Just Saying No to a Fake Browser

As the most popular Web-browsing application of the past few years, Chrome is an equally attractive disguise for Trojans that depend on victims downloading and installing them willingly. Always go to an official website or download resources endorsed by one before trusting a download of a well-known product like Chrome, Firefox or Edge. Although most versions of the OhNo! Ransomware will have misleading names and file data, the Trojan has minimal defenses against being identified by most brands of dedicated anti-malware software.

Delaying any response to the OhNo! Ransomware until symptoms are apparent can cause permanent damage to your documents and other files. Having secure backups can keep file-encrypting threats from taking your media hostage, and paying ransoms, particularly in cryptocurrencies like Monero or Bitcoin, doesn't always provide access to a decryptor. Always disinfect your PC with anti-malware products that can remove the OhNo! Ransomware safely while also determining whether any other threats are arriving through the same infection vector.

The growth of technology also comes with downsides, such as potentially letting remote attackers reach into your PC and collect your digital belongings. Doing what you can to protect your files before a problem arrives can cripple the profitability of campaigns like the OhNo! Ransomware's fake Chrome attacks.
