
ONIX Ransomware

Posted: February 18, 2020

The ONIX Ransomware is a file-locking Trojan from the small Major Ransomware family. It encrypts the victim's files so that it can ransom the corresponding unlocking service, renames the files by appending an extension, and drops HTML ransom notes. Users should keep backups as a safeguard against its attacks and use a reputable anti-malware product whenever removing the ONIX Ransomware is necessary.

Gaming References Coming in with Your Data Attacks

The Major Ransomware is a minor family of file-locker Trojans that has accumulated a handful of members since 2018 and 2019, drawing particular attention from Russian cyber-security researchers. Malware experts are already familiar with the payloads of members such as the AIR Ransomware, the Orion Ransomware, the Mars Ransomware and the Cube Ransomware; the new ONIX Ransomware offers a twist on the theme. It is the first of its family to lean on an apparent Pokemon gaming reference alongside the more traditional encryption and extortion.

The earliest known samples of the ONIX Ransomware are Windows executables under a megabyte in size, like most file-locking Trojans in circulation today. Malware researchers note no significant changes to the family's encryption routine, which is its file-locking mechanism. The attack uses AES and RSA to encrypt the user's documents, spreadsheets, pictures, audio, movies and other media so that they no longer open in their respective applications; when that combination is implemented correctly, the files cannot be recovered without the attacker's private key.

The ONIX Ransomware's name is an apparent borrowing of a rock monster from Nintendo's Pokemon franchise, although the rest of the payload makes no explicit reference to the subject. Once the file-locking routine completes, possibly with a visible CMD window as part of the process, the ONIX Ransomware drops HTML ransom notes and appends an 'ONIX' extension to the names of the encrypted files. The notes are in English, direct victims to negotiate by e-mail, and do not state a price for the decryptor.
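The renamed files and the HTML notes described above are the two file-system indicators a responder can hunt for on a suspect host or share. The script below is an added triage example, not code from the original article or from the ONIX campaign: it walks a directory tree, collects files carrying the ONIX extension, and reports which of the affected directories also hold an HTML note. The exact form of the extension (assumed here to be ".ONIX" appended to the original name), the note being any .html/.htm file in the same directory, and the sample file names such as "how_to_decrypt.html" are assumptions for illustration, not details taken from the page.

```python
"""Triage hunt for ONIX-style file-system indicators (added example)."""
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed form of the renamed files; the article only says an 'ONIX'
# extension is added, so the exact suffix is an assumption.
ENCRYPTED_SUFFIX = ".onix"
# Assumed: the ransom note is an HTML file in the same directory.
NOTE_SUFFIXES = (".html", ".htm")


def scan_tree(root):
    """Walk `root` and return {directory: {"encrypted": [...], "notes": [...]}}
    for every directory holding at least one renamed file.

    HTML files are only reported when they sit next to renamed files; an
    HTML file on its own is not an indicator and would produce noise.
    """
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                hits[dirpath]["encrypted"].append(name)
            elif lower.endswith(NOTE_SUFFIXES):
                hits[dirpath]["notes"].append(name)
    return {d: v for d, v in hits.items() if v["encrypted"]}


def summarize(findings):
    """Aggregate the scan into the counts a responder wants first."""
    return {
        "encrypted_files": sum(len(v["encrypted"]) for v in findings.values()),
        "affected_dirs": len(findings),
        "dirs_with_notes": sum(1 for v in findings.values() if v["notes"]),
    }


def build_sample_tree(root):
    """Constructed sample data: one hit directory and one clean directory.

    The file names here are made up for the demonstration.
    """
    docs = Path(root) / "Documents"
    music = Path(root) / "Music"
    docs.mkdir()
    music.mkdir()
    for name in ("budget.xlsx.ONIX", "thesis.docx.ONIX",
                 "how_to_decrypt.html", "unchanged.txt"):
        (docs / name).touch()
    # A stray HTML file with no renamed files beside it must not be flagged.
    for name in ("song.mp3", "readme.html"):
        (music / name).touch()


def demo():
    """Run the scan over the constructed tree and return the summary."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return summarize(scan_tree(root))


if __name__ == "__main__":
    print(demo())
```

On a real case, point `scan_tree` at the mounted volume or share rather than the constructed tree, and treat the note paths it returns as the starting point for collecting the contact address and any victim identifier the note carries.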

Burying Rock Monsters Back in the Ground

The ONIX Ransomware is version 1.0.3 of the Major Ransomware family but operates with few differences from its relatives. There is no free decryptor for its encryption, so users should always keep a backup of their work on a separate device, and keep that device disconnected when not in use, since a file-locking Trojan will also encrypt any attached drive or network share it can reach. Paying for a decryptor, on the other hand, always carries the risk that the criminals never deliver it.

The ONIX Ransomware family has traits in line with threats that target vulnerable businesses and similar professional networks, such as NGOs and government departments. Administrators can render attempted infections ineffective by using strong passwords, limiting administrative privileges on user accounts, and applying software updates promptly. All users should also stay aware of the dangers of e-mail attachments, which malware researchers tend to link to these attacks.

Most security products with threat detection already flag this Trojan, although under generic labels. Always remove the ONIX Ransomware and similar threats with a dedicated anti-malware tool when possible, since removal also requires reverting changes to the Registry and other Windows settings.

The ONIX Ransomware is a hardly obscure gaming reference, but its campaign isn't playing games with those it harms. Losing access to your files is worse than any monstrous duel, even if a mascot from the latter is the face of the attack.
