Omerta Ransomware

Posted: June 22, 2018

Omerta Ransomware Description

The Omerta Ransomware is a file-locking Trojan that encrypts or corrupts your documents, pictures, audio, and other media so that they will not open. Infections are also identifiable through the significant changes to filenames and the Notepad ransom message that the Omerta Ransomware uses to sell its threat actor's unlocking service. PC users should attempt all other data recovery strategies before considering a ransom and use anti-malware products as appropriate for removing the Omerta Ransomware or protecting their computers preemptively.

A Trojan that Hides the Names of Its 'Victims'

A file-locking Trojan whose encryption attacks bear some of the hallmarks of the Scarab Ransomware family is just becoming identifiable, although malware analysts have yet to confirm the relationship with that family in more than a cosmetic sense. Besides the expected dangers of blocking media and demanding money for undoing its attack, the Omerta Ransomware also causes extra issues for anyone trying to ascertain the damage. Unlike most Trojans of its classification, the Omerta Ransomware completely overwrites the name of every file that it locks.

The Omerta Ransomware doesn't use the traditional pattern of Base64-based encoding on the filenames that it locks and, instead, overwrites the names according to what malware experts estimate is a cipher unique to this threat. Although this makes the locked files indistinguishable from one another, the Omerta Ransomware also adds two relatively coherent extensions. One contains the threat actor's free e-mail address for negotiating a ransom, and the second has the '.omerta' string.

The encryption method used for blocking all of these files is not known yet, although most file-locking Trojans similar to the Omerta Ransomware utilize some form of AES or Rijndael. The Omerta Ransomware also creates a text note for the victim that offers a file-unlocking decryption service in return for a Bitcoin payment of an unrevealed amount. Most of this note, except for the contact details and the ID number (which follows a similar format to the renaming function), is a copy-pasted effort from old versions of the Scarab Ransomware.

The Safe Way to Break a Digital Code of Silence

Some members of the Scarab Ransomware family can have any locked content unlocked through free software available to the public. However, this solution isn't always a possibility, and the Omerta Ransomware may only resemble that family's numerous variants superficially. A robust, network-segregated and regularly-updated backup storage plan is the best protection against file-locking Trojans like the Omerta Ransomware.

Malware analysts are seeing e-mail and brute-force attacks against bad passwords regularly become notable infection vectors for different Trojan campaigns that block files for money. Such attacks may disguise the Omerta Ransomware or its installers as workplace documents, news articles, delivery notifications, or other, non-hostile downloads. However, updated brands of anti-malware software can identify most of these threats on sight and should delete the Omerta Ransomware before it can lock any files, an attack that typically runs without alerting the user with any symptoms.

The Omerta Ransomware adds extra wrinkles into the mix for any compromised PC user who's trying to determine which documents and other media have been harmed by its attacks. While this may be a ransom-provoking tactic, any changes to filenames should be irrelevant in the face of a good backup.
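
Because the original names are gone, the practical way to scope the damage is to compare the live folder tree against a list of what the backup holds. The Python sketch below is an added example, not code from this article or from any vendor tool: it finds files ending in '.omerta', pulls out any e-mail-like token from the rest of the name, and lists which backed-up files are missing per folder. The function names, the manifest format (relative paths), and the assumption that the address sits somewhere before the final '.omerta' suffix are all hypothetical.

```python
import os
import re
from collections import defaultdict

# Assumption: the contact address appears somewhere in the name before the
# final ".omerta" suffix; the article does not give the exact layout.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
SUFFIX = ".omerta"


def scan_tree(root):
    """Return {relative_dir: [(filename, contact_or_None), ...]} for locked files."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            if name.lower().endswith(SUFFIX):
                stem = name[: -len(SUFFIX)]
                match = EMAIL_RE.search(stem)
                hits[rel].append((name, match.group(0) if match else None))
    return dict(hits)


def missing_originals(root, manifest):
    """Group backup-manifest paths that no longer exist under root, by folder."""
    missing = defaultdict(list)
    for relpath in manifest:
        if not os.path.exists(os.path.join(root, relpath)):
            folder = os.path.dirname(relpath) or "."
            missing[folder].append(os.path.basename(relpath))
    return dict(missing)


def damage_report(root, manifest):
    """Per folder: locked-file count, contact strings seen, originals to restore."""
    locked = scan_tree(root)
    missing = missing_originals(root, manifest)
    report = {}
    for folder in sorted(set(locked) | set(missing)):
        entries = locked.get(folder, [])
        report[folder] = {
            "locked": len(entries),
            "contacts": sorted({c for _name, c in entries if c}),
            "restore": sorted(missing.get(folder, [])),
        }
    return report
```

Run it read-only against a copy or mounted image of the affected disk, with the manifest exported from the backup system, so the restore list can be built without touching the original evidence.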
