'.onion File Extension' Ransomware

Posted: April 20, 2017

'.onion File Extension' Ransomware Description

The '.onion File Extension' Ransomware is a Trojan that holds your local files hostage for ransom payments. The encryption attacks may or may not be reversible by free decryption solutions, although readers can protect their files by backing them up, monitoring vulnerabilities in their network configurations, and avoiding spam e-mails. Always uninstall the '.onion File Extension' Ransomware with a dedicated anti-malware product that can account for any other threats playing secondary roles in the infection of your PC.

A Sharp Aroma Drifting into Your File Directory

Only recently, one of the latest updates to the Dharma Ransomware branch of the Crysis Ransomware family was confirmed to be in deployment. Despite the potentially confusing brand labels, the '.onion File Extension' Ransomware is unrelated to the Onion Ransomware of two years ago, although all of these threats share the same broad style of attack.

The '.onion File Extension' Ransomware uses encryption methods such as AES-256 (symmetric) and RSA-2048 (asymmetric) to encipher and block your local content. While this Trojan's family doesn't deliberately damage the operating system, media such as your documents are routinely within the scope of these file-locking attacks. The filename-changing format continues the tradition of adding e-mail addresses, ID serial numbers, and a new extension ('.onion,' in this case) to each filename.
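
The renaming described above gives responders a way to scope an incident from a plain file listing. The following is an added example, not code from the original article: it groups renamed files by ID and contact e-mail. The exact layout `<original>.id-<ID>.[<email>].onion` is an assumption about how the three markers are arranged, and the sample paths and addresses are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout (not given on the page): <original>.id-<ID>.[<email>].onion
LOCKED_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]+)"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.onion$",
    re.IGNORECASE,
)

def parse_locked_name(path):
    """Return the parsed parts of a renamed file, or None if it does not match."""
    m = LOCKED_NAME.match(PureWindowsPath(path).name)
    return m.groupdict() if m else None

def triage(paths):
    """Group renamed files by (ID, contact e-mail) and collect near-misses."""
    groups = defaultdict(list)
    unparsed = []
    for p in paths:
        parts = parse_locked_name(p)
        if parts:
            key = (parts["victim_id"].upper(), parts["email"].lower())
            groups[key].append(parts["original"])
        elif str(p).lower().endswith(".onion"):
            # Has the extension but not the full marker: review by hand.
            unparsed.append(str(p))
    return dict(groups), unparsed

# Constructed sample listing (not real indicators).
SAMPLE = [
    "C:/Users/a/Documents/report.docx.id-1A2B3C4D.[contact@example.com].onion",
    "C:/Users/a/Pictures/scan.jpg.id-1A2B3C4D.[contact@example.com].onion",
    "C:/Users/a/Documents/notes.txt",
    "C:/Users/a/Downloads/mirror-list.onion",
]

if __name__ == "__main__":
    groups, unparsed = triage(SAMPLE)
    for (vid, email), names in groups.items():
        print(f"ID {vid} / {email}: {len(names)} file(s), e.g. {names[0]}")
    print("Needs manual review:", unparsed)
```

More than one (ID, e-mail) group in a single listing suggests separate infections or campaigns and is worth noting before any decryption tool is tried.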

The Trojan also muddies the waters of its identity, possibly deliberately, by delivering a pop-up ransom message that's designed to look like a component of the Globe Ransomware family. This HTA window relays instructions on buying Bitcoins to get a decryption solution, although the threat actor can take the payment without necessarily delivering his half of the deal.

Preempting the Tears over an '.onion File Extension' Ransomware Tragedy

The '.onion File Extension' Ransomware is most likely spreading in one of two ways preferred by threat actors with experience in the Dharma Ransomware branch of its family. These infection vectors consist of:

  • Weak Remote Desktop Protocol settings can let hackers access your PC remotely and install threats like the '.onion File Extension' Ransomware at will. Compromises of short or simple passwords are most often responsible for RDP attacks, particularly against business sector entities.
  • E-mail attachments are also well-used methods of distributing Trojans of this type to otherwise difficult-to-access targets. The attached file may disguise itself as a message from a fellow employee or a third-party company such as a package delivery service.

Free decryption solutions exist for some versions of the Crysis Ransomware family. Despite that possible recovery option, malware analysts strongly encourage blocking the '.onion File Extension' Ransomware's installation and deleting this threat with anti-malware products before it can begin encoding any media.

The '.onion File Extension' Ransomware can easily confuse any victims with its wholesale theft of ransom notes from the campaigns of other cyber thieves. Beyond that, its update also shows the increasing interest that threat actors are taking in both lying to any victims and providing engaging kinds of social engineering for parting you from your money.
