OnyonLock Ransomware

Posted: May 16, 2017
Threat Metric
Threat Level: 8/10
Infected PCs: 201

OnyonLock Ransomware Description

The OnyonLock Ransomware is an updated release of the BTCWare Trojan, which can lock your files through non-consensual encryption. Its authors currently demand variable Bitcoin ransoms from their victims through text messages, although paying will not necessarily decrypt the content that they're holding hostage. Most users should protect their files with backups, and the rest of their PCs with anti-malware programs that can remove the OnyonLock Ransomware when it is detected.

Bitcoin Trojans with New Names by the Month

The lesser-known family of file-encryptor Trojans referred to as Cryptobyte Ransomware and the Crptxxx Ransomware, although the main differences are changes to the ransom addresses of the threat actors. For the victims, the symptoms are still blocked files, wiped backups, and the appearance of extortion-themed messages.

The OnyonLock Ransomware scans the compromised PC for files including documents, spreadsheets, and other formats associated with work or other media. While doing so, it carries out the following attacks:

  • Targeted files go through an encryption routine using an AES-based cipher, which makes them unreadable.
  • Their filenames are also changed: the Trojan inserts the '.onyon' extension, which is specific to the OnyonLock Ransomware branch of BTCWare.
  • The Trojan generates a custom ID string for the infected PC, which it uses later in the ransoming process (see below).
  • Lastly, the OnyonLock Ransomware creates an INF format text file that contains its threat actor's demands for unlocking your data: Bitcoin payments made to an unspecified wallet, with the amount depending on the victim's response time. Malware analysts see two variants of this message, although the only significant change lies in which e-mail address they provide for negotiating.
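The two file-system artifacts listed above (the '.onyon' extension and an INF-format note) are enough to scope an infection on a mounted disk or share. The following Python script is an added example, not code from this site or any vendor: it counts locked files per directory, derives the encryption time window from modification times, and lists .inf files written inside that window as candidate ransom notes. The function name, the 300-second slack, and the assumption that timestamps were not tampered with are illustrative.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

LOCKED_EXT = ".onyon"  # extension named on this page
NOTE_EXT = ".inf"      # the page says the ransom note is an INF-format text file


def triage(root, slack_seconds=300):
    """Summarise '.onyon' damage under root (hypothetical helper, not vendor code)."""
    locked, inf_files = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path, follow_symlinks=False).st_mtime
            except OSError:
                continue  # unreadable or vanished file: skip and keep walking
            lower = name.lower()  # Windows file names are case-insensitive
            if lower.endswith(LOCKED_EXT):
                locked.append((path, mtime))
            elif lower.endswith(NOTE_EXT):
                inf_files.append((path, mtime))
    if not locked:
        return {"locked_total": 0, "per_dir": {}, "window": None,
                "note_candidates": []}
    first = min(m for _, m in locked)
    last = max(m for _, m in locked)
    # Assumption: an .inf written during the encryption run (plus some slack)
    # is a candidate ransom note; legitimate driver .inf files are normally older.
    notes = sorted(p for p, m in inf_files
                   if first - slack_seconds <= m <= last + slack_seconds)
    per_dir = Counter(os.path.dirname(p) for p, _ in locked)
    return {"locked_total": len(locked), "per_dir": dict(per_dir),
            "window": (first, last), "note_candidates": notes}


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("locked files:", report["locked_total"])
    if report["window"]:
        start, end = (datetime.fromtimestamp(t, tz=timezone.utc).isoformat()
                      for t in report["window"])
        print("encryption window (UTC):", start, "to", end)
    for directory, count in sorted(report["per_dir"].items()):
        print(f"  {count:6d}  {directory}")
    for note in report["note_candidates"]:
        print("candidate ransom note:", note)
```

Run it against a read-only mount or a forensic copy so the scan itself does not alter timestamps on the evidence.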

Drying Your Tears over the 'Onyon' Files

Although the above features are the most obvious parts of the OnyonLock Ransomware's payload, the Trojan also commits attacks with less visible side effects. Local backups, especially SVC data, are subject to deletion, and malware experts sometimes see the OnyonLock Ransomware disabling the Windows Startup Repair feature. Besides being problematic for your PC's security, these functions can also be obstacles to recovering any content that the OnyonLock Ransomware locks.

Non-localized backups kept on USB drives, DVDs, or cloud storage servers are at significantly less risk of attack by threats like the OnyonLock Ransomware. Although malware experts can't yet confirm all distribution methods in use in the OnyonLock Ransomware's campaign, file-encrypting Trojans often circulate via corrupted website exploits and e-mail spam attachments. Free decryptors are sometimes available for the BTCWare family of threats, and malware experts recommend using them for any additional data recovery before or after removing the OnyonLock Ransomware with a suitable anti-malware program.

You needn't pay to retrieve files from the encryption-based blockades of most threats like the OnyonLock Ransomware. However, in these attacks, the con artists often rely on pressuring you with time limits into paying them before you realize that the Web has free alternatives.
