ONIX Ransomware

Posted: February 18, 2020

ONIX Ransomware Description

The ONIX Ransomware is a file-locking Trojan that comes from the small family of the Major Ransomware. The ONIX Ransomware locks files with encryption so that it can ransom the corresponding unlocking service, changes filenames by adding extensions, and creates HTML ransom messages for its victims. Computer users should back their work up as a safeguard against its attacks and apply credible anti-malware products whenever removing the ONIX Ransomware is necessary.

Gaming References Coming in with Your Data Attacks

The minor family of file-locker Trojans, the Major Ransomware, comes with a healthy handful of members appearing since 2018 and 2019, garnering particular attention from Russian cyber-security researchers. While malware experts are familiar with the payloads of members like the AIR Ransomware, the Orion Ransomware, the Mars Ransomware, and the Cube Ransomware, the new ONIX Ransomware offers a twist on the theme. The ONIX Ransomware is the first of its family to leverage apparent Pokemon gaming references, along with the more traditional encryption and extortion.

The earliest known samples of the ONIX Ransomware are Windows executables under a megabyte in size, like most of the file-locking Trojans currently extant. Malware researchers estimate no changes of note in this family's encryption, which is its file-locking mechanism. This attack uses a secure version of the AES and RSA algorithms to stop media from opening in their respective applications, including the user's documents, spreadsheets, pictures, audio, movies and other content.

The ONIX Ransomware's name is an apparent borrowing of a rock monster from Nintendo's Pokemon franchise, although the rest of the payload has no explicit references to the subject. Once the file-locking procedure – potentially including a visible CMD window as part of the process – completes, the ONIX Ransomware drops HTML ransom messages and adds 'ONIX' extensions onto filenames. The notes are in English and use a typical e-mail-based negotiating method without giving victims the specific price of the unlocker that decrypts their files.
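
A triage sketch for the behaviour described above (an added example, not part of the original article): it inventories files carrying the ONIX extension so that responders can scope the damage per directory and build a restore list from backups. It assumes the extension is appended as a final `.ONIX` suffix; the function names and the sample file names, including `README.html`, are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

LOCKED_EXT = ".onix"           # assumption: 'ONIX' is appended as the final suffix
NOTE_EXTS = {".html", ".htm"}  # the page says notes are HTML; their filename is not given

def scope_onix_impact(root):
    """Per directory: files carrying the ONIX extension, their likely original
    names, the earliest modification time, and HTML files sitting beside them."""
    report = defaultdict(lambda: {"locked": [], "html": [], "first_mtime": None})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == LOCKED_EXT:
                entry = report[dirpath]
                entry["locked"].append((name, stem))  # stem = name before the attack
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                if entry["first_mtime"] is None or mtime < entry["first_mtime"]:
                    entry["first_mtime"] = mtime
            elif ext.lower() in NOTE_EXTS:
                report[dirpath]["html"].append(name)
    # HTML files only matter where locked files were found next to them.
    return {d: e for d, e in report.items() if e["locked"]}

def restore_list(report):
    """Original paths to pull from backup, sorted for a stable work list."""
    return sorted(os.path.join(d, stem) for d, e in report.items() for _n, stem in e["locked"])

def build_sample_tree():
    """Constructed sample data: empty files whose names mimic an affected share."""
    root = tempfile.mkdtemp(prefix="onix_demo_")
    for rel in ("finance/q4.xlsx.ONIX", "finance/logo.png.onix",
                "finance/README.html", "public/index.html", "public/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    report = scope_onix_impact(build_sample_tree())
    for d, e in report.items():
        when = datetime.fromtimestamp(e["first_mtime"], tz=timezone.utc).isoformat()
        print(f"{d}: {len(e['locked'])} locked, earliest mtime {when}, HTML nearby: {e['html']}")
    print("restore from backup:", *restore_list(report), sep="\n  ")
```

The earliest modification time per directory is only an approximate marker for when encryption reached that folder, and the HTML files listed are candidates to review, not confirmed ransom notes.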

Burying Rock Monsters Back in the Ground

The ONIX Ransomware is version 1.0.3 of the Major Ransomware family but operates with few differences from its relatives. Users should always back their work up onto another device to secure content against the ONIX Ransomware's encryption attacks, which aren't fixable by free software. On the other hand, paying for a decryptor always comes with a risk of no follow-through from the criminal.

The ONIX Ransomware family has traits that are in line with threats that target vulnerable businesses and similar professional networks, such as NGOs and government departments. Administrators can render attempted infections ineffectual by using appropriate passwords, limiting admin privileges on user accounts, and applying software updates whenever possible. All users should also maintain awareness of the dangers of e-mail attachments, which malware researchers tend to link to these attacks.

Most cyber-security services with threat detection are identifying this Trojan suitably, although under generic labels. Always remove the ONIX Ransomware and similar threats through dedicated anti-malware tools, when possible, since removal involves necessary changes to the Registry and other Windows settings.

The ONIX Ransomware is a hardly-obscure gaming reference, but its campaign isn't playing games with those whom it harms. Losing access to your files is worse than any monstrous duel – even if a mascot from the latter is the face of the attack.
