Onion3Cry Ransomware

Posted: September 26, 2017
Threat Metric
Threat Level: 10/10
Infected PCs 92

Onion3Cry Ransomware Description


The Onion3Cry Ransomware is a new version of Hidden Tear. In addition to blocking files by using encryption on them, the Onion3Cry Ransomware also may disguise itself and its payload by creating fake update-themed symptoms such as pop-ups. Malware experts recommend uninstalling the Onion3Cry Ransomware with an appropriate anti-malware tool to reduce any ongoing file issues and using any of a variety of free solutions for restoring all encrypted media.

The Recycling that Births New Flavors of Trojans

Threat actors often are dedicated to using the hard work of others, both for finding software code and a brand name for publicity. Many Trojans with file-locking functions, like the newest the Onion3Cry Ransomware, can use names that imply one relationship while their attacks originate from elsewhere. As one consequence, any victims have the risk of using unlocking solutions that may not be relevant to their situation necessarily.

Despite the name, the Onion3Cry Ransomware isn't an update of the much older Onion Ransomware. Malware analysts can trace most of its code back to the semi-open-source Hidden Tear, which provides this program with its encryption function. Some of the additions that the threat actor has made independently include a ransom note-based pop-up and a disguise for the encryption attack: a fake update screen.

While it scans your computer for documents and other media to lock, the Onion3Cry Ransomware launches a screen-wide window that pretends to be a software update notification. Its Portuguese text bears the closest resemblance to Windows-standardized phrasing, but the author hasn't imitated the Windows background or loading icon, which he may be saving for a future version. Once it has encrypted and locked your files, the Onion3Cry Ransomware replaces this screen with its second window, asking the user to pay in Bitcoins for the con artist's decryptor.

Dicing Up an Onion's Extorted Earnings

The Onion3Cry Ransomware isn't likely of being the last Trojan malware experts see using updates to hide its attacks, which require time to encrypt the contents of the compromised system. The multi-linguist HACKED Ransomware and the Kryptonite Ransomware also provide similar examples of how Trojans can conduct data-locking functions while they distract the user with minimal effort. In the Onion3Cry Ransomware's case, just knowing the appropriate format of a Windows update and avoiding potential sources of fake ones, such as browser-based pop-ups, should give most users some forewarning of its attacks.

Hidden Tear's variants often use encryption methods that are compatible with free programs that various actors in the security industry host. If you have no other means of recovering your blocked files, malware experts suggest creating copies before testing their chances of unlocking with Hidden Tear-based decryptors. Secure backups can give any victim an even better recovery strategy, and many anti-malware programs may block, quarantine or delete the Onion3Cry Ransomware before its file-locking feature comes to a natural conclusion.

Users in Portuguese-speaking regions are at a high risk from the Onion3Cry Ransomware's incoming campaign particularly. However, Hidden Tear, encryption without consent, and fake software updates are problems for the rest of the world and raise the value of backups accordingly.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Onion3Cry Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



file.exe File name: file.exe
Size: 37.37 KB (37376 bytes)
MD5: a4046a44b24f172d662e01bd05ac046b
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: September 26, 2017

More files

Home Malware Programs Ransomware Onion3Cry Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.