Onion3Cry Ransomware Description
The Onion3Cry Ransomware is a new version of Hidden Tear. In addition to encrypting files to block access to them, the Onion3Cry Ransomware may also disguise itself and its payload behind fake update-themed symptoms such as pop-ups. Malware experts recommend uninstalling the Onion3Cry Ransomware with an appropriate anti-malware tool to reduce any ongoing file issues and using any of a variety of free solutions for restoring all encrypted media.
The Recycling that Births New Flavors of Trojans
Threat actors often rely on the hard work of others, both for software code and for a brand name that brings publicity. Many Trojans with file-locking functions, like the new Onion3Cry Ransomware, can use names that imply one relationship while their attacks originate from elsewhere. As one consequence, victims risk using unlocking solutions that aren't necessarily relevant to their situation.
Despite the name, the Onion3Cry Ransomware isn't an update of the much older Onion Ransomware. Malware analysts can trace most of its code back to the semi-open-source Hidden Tear, which provides this program with its encryption function. Some of the additions that the threat actor has made independently include a ransom note-based pop-up and a disguise for the encryption attack: a fake update screen.
While it scans your computer for documents and other media to lock, the Onion3Cry Ransomware launches a screen-wide window that pretends to be a software update notification. Its Portuguese text bears the closest resemblance to Windows-standardized phrasing, but the author hasn't imitated the Windows background or loading icon, which he may be saving for a future version. Once it has encrypted and locked your files, the Onion3Cry Ransomware replaces this screen with its second window, asking the user to pay in Bitcoins for the con artist's decryptor.
Dicing Up an Onion's Extorted Earnings
The Onion3Cry Ransomware isn't likely to be the last Trojan that malware experts see using fake updates to hide its attacks, which require time to encrypt the contents of the compromised system. The multilingual HACKED Ransomware and the Kryptonite Ransomware provide similar examples of how Trojans can conduct data-locking functions while they distract the user with minimal effort. In the Onion3Cry Ransomware's case, just knowing the appropriate format of a Windows update and avoiding potential sources of fake ones, such as browser-based pop-ups, should give most users some forewarning of its attacks.
Hidden Tear's variants often use encryption methods that are compatible with free programs hosted by various actors in the security industry. If you have no other means of recovering your blocked files, malware experts suggest creating copies of them before testing whether Hidden Tear-based decryptors can unlock them. Secure backups can give any victim an even better recovery strategy, and many anti-malware programs may block, quarantine or delete the Onion3Cry Ransomware before its file-locking feature runs to completion.
Users in Portuguese-speaking regions are at particularly high risk from the Onion3Cry Ransomware's incoming campaign. However, Hidden Tear, encryption without consent, and fake software updates are problems for the rest of the world and raise the value of backups accordingly.
File System Modifications
The following files were created in the system:
File name: file.exe
Size: 37.37 KB (37376 bytes)
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: September 26, 2017