
OnyxLocker Ransomware

Posted: January 23, 2020

The OnyxLocker Ransomware is a file-locking Trojan that can block your PC's media files, such as documents. The OnyxLocker Ransomware creates Russian-language ransom notes, in most cases, although the encryption feature it uses endangers media around the world. Most anti-malware services should find and remove the OnyxLocker Ransomware automatically, and responsible backup behavior can reduce any risk from infections.

Surveying Name-Changing Trojans in Russia

A Trojan that could be a new family in the early stages of propagation is appearing in numbers around Russia. Security researchers familiar with threats in that region are confirming it as a new file-locking Trojan, with the typical pretensions towards ransoming files through a for-sale decryptor. However, the OnyxLocker Ransomware is demonstrating significant flexibility in how it tries to extort this money.

The OnyxLocker Ransomware is a Windows Trojan that enumerates the system's folders to find files before encrypting them with the Corrected Block TEA, or XXTEA, algorithm. Along with stopping documents, pictures, and similar content from opening by converting them this way, the OnyxLocker Ransomware also appends an extension to each file's name. Here, malware experts see differences between versions, with some builds appending 'onx' and others appending the Russian-language equivalent of 'Christina.'

The OnyxLocker Ransomware then drops several ransom-note text files on the user's desktop, whose names differ only by a number, although their contents are identical. Some versions of the OnyxLocker Ransomware demand 100 Bitcoins to a wallet address, while others give an e-mail address as the way of contact, along with a harsh twelve-hour deadline. Such a strict time limit could push victims into paying before realizing that other, cheaper means of data recovery could be possible.
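The two traces the article describes, an appended 'onx' extension and a set of numbered, identical ransom-note text files on the desktop, can be checked for with a short script. The example below is added here and is not OnyxLocker's code or any vendor's detection signature; the desktop listing, the ransom-note file names and their contents are constructed, and the Russian-language extension of the other variant is not matched because the article does not spell it out.

```python
import hashlib
import re
from collections import defaultdict
from os.path import basename, dirname

# Added example, not OnyxLocker's own code: heuristics for the two traces the
# article describes. The note file names and the listing below are constructed.

LOCKED_EXT = ".onx"  # the one extension the article names
NUMBERED_TXT = re.compile(r"^(?P<stem>.*?)[ _-]?(?P<num>\d+)\.txt$", re.IGNORECASE)


def find_locked_files(listing):
    """Paths whose name ends with the appended extension, e.g. 'report.docx.onx'."""
    return sorted(p for p in listing if p.lower().endswith(LOCKED_EXT))


def find_note_clusters(listing, min_copies=2):
    """Groups of text files in one folder whose names differ only by a number
    and whose contents hash identically (the 'several identical notes' trace)."""
    groups = defaultdict(list)
    for path, content in listing.items():
        m = NUMBERED_TXT.match(basename(path))
        if m is None:
            continue
        digest = hashlib.sha256(content).hexdigest()
        groups[(dirname(path), m.group("stem").lower(), digest)].append(path)
    return sorted(sorted(paths) for paths in groups.values() if len(paths) >= min_copies)


def assess(listing):
    """Combine both heuristics into a verdict for a folder listing."""
    locked = find_locked_files(listing)
    notes = find_note_clusters(listing)
    if locked and notes:
        verdict = "likely infected"   # both traces together is a strong signal
    elif locked or notes:
        verdict = "suspicious"        # either trace alone warrants a look
    else:
        verdict = "clean"
    return {"locked_files": locked, "note_clusters": notes, "verdict": verdict}


# Constructed desktop listing: path -> file content.
DESKTOP = "C:/Users/alice/Desktop/"
SAMPLE_LISTING = {
    DESKTOP + "README_1.txt": b"[constructed ransom-note text]",
    DESKTOP + "README_2.txt": b"[constructed ransom-note text]",
    DESKTOP + "README_3.txt": b"[constructed ransom-note text]",
    DESKTOP + "notes_1.txt": b"shopping list",      # numbered but not identical
    DESKTOP + "notes_2.txt": b"meeting agenda",
    DESKTOP + "report.docx.onx": b"\x8f\x12\x00constructed-ciphertext",
    DESKTOP + "photo.jpg.onx": b"\x31\x7c\x9a\xf0",
    DESKTOP + "todo.txt": b"fix the printer",
}

if __name__ == "__main__":
    print(assess(SAMPLE_LISTING))
```

The note-cluster check keys on folder, name stem and content hash together, so two unrelated numbered text files with different contents (the 'notes' pair above) are not flagged, while the three identical 'README' copies are.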

Stopping Russian Trojans from Hitting Their Payday

The OnyxLocker Ransomware is a relatively simple program, which shows few of the security features or obfuscation that Ransomware-as-a-Service families like the Scarab Ransomware (another Trojan that operates in the same area) might employ. Additionally, the XXTEA encryption that it uses in place of the more-common AES and RSA double-punch is, in theory, vulnerable to decryption attempts by a third party. Users should always back their work up to secured devices, but if a backup is unavailable, victims should contact a cryptography-experienced researcher for assistance.
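The recovery angle above follows from XXTEA being a symmetric cipher: unlike the AES-plus-RSA design, where the per-file key leaves with the attacker, one XXTEA key decrypts everything it encrypted, so a key recovered from a sample can be vetted against a known file signature and then used to restore files. The block below is an added example, not OnyxLocker's code: it implements the published Corrected Block TEA (XXTEA) algorithm of Wheeler and Needham on 32-bit words, plus a byte-level wrapper. The length-prefix framing, little-endian word order, the `key_works` and `recover_locked` helpers, and the sample key and document are this example's own assumptions; the article does not describe how OnyxLocker frames files or where its key lives.

```python
import struct

# Added example, not OnyxLocker's code: the reference XXTEA (Corrected Block
# TEA) algorithm. Framing (4-byte length prefix, zero padding) and the
# little-endian word order are assumptions of this example.

DELTA = 0x9E3779B9
MASK = 0xFFFFFFFF


def _mx(total, y, z, p, e, key):
    # XXTEA mixing function, masked to 32 bits like the C reference.
    return ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4)))
            ^ ((total ^ y) + (key[(p & 3) ^ e] ^ z))) & MASK


def xxtea_encrypt_words(v, key):
    """Encrypt a list of >= 2 words with a 4-word key; returns a new list."""
    n = len(v)
    if n < 2:
        raise ValueError("XXTEA needs at least two words")
    v = list(v)
    rounds = 6 + 52 // n
    total = 0
    z = v[n - 1]
    for _ in range(rounds):
        total = (total + DELTA) & MASK
        e = (total >> 2) & 3
        for p in range(n - 1):
            y = v[p + 1]
            v[p] = (v[p] + _mx(total, y, z, p, e, key)) & MASK
            z = v[p]
        y = v[0]
        v[n - 1] = (v[n - 1] + _mx(total, y, z, n - 1, e, key)) & MASK
        z = v[n - 1]
    return v


def xxtea_decrypt_words(v, key):
    """Inverse of xxtea_encrypt_words: same key, rounds run backwards."""
    n = len(v)
    if n < 2:
        raise ValueError("XXTEA needs at least two words")
    v = list(v)
    rounds = 6 + 52 // n
    total = (rounds * DELTA) & MASK
    y = v[0]
    for _ in range(rounds):
        e = (total >> 2) & 3
        for p in range(n - 1, 0, -1):
            z = v[p - 1]
            v[p] = (v[p] - _mx(total, y, z, p, e, key)) & MASK
            y = v[p]
        z = v[n - 1]
        v[0] = (v[0] - _mx(total, y, z, 0, e, key)) & MASK
        y = v[0]
        total = (total - DELTA) & MASK
    return v


def _words(data):
    return list(struct.unpack("<%dI" % (len(data) // 4), data))


def _bytes(words):
    return struct.pack("<%dI" % len(words), *words)


def encrypt_bytes(plaintext, key16):
    """Assumed framing: length prefix, zero padding to a word boundary, min. 2 words."""
    if len(key16) != 16:
        raise ValueError("XXTEA key must be 16 bytes")
    framed = struct.pack("<I", len(plaintext)) + plaintext
    framed += b"\0" * (-len(framed) % 4)
    if len(framed) < 8:
        framed += b"\0" * (8 - len(framed))
    return _bytes(xxtea_encrypt_words(_words(framed), _words(key16)))


def decrypt_bytes(ciphertext, key16):
    if len(key16) != 16:
        raise ValueError("XXTEA key must be 16 bytes")
    framed = _bytes(xxtea_decrypt_words(_words(ciphertext), _words(key16)))
    (length,) = struct.unpack("<I", framed[:4])
    if length > len(framed) - 4:   # a wrong key almost always lands here
        raise ValueError("wrong key or corrupted data")
    return framed[4:4 + length]


def key_works(ciphertext, key16, expected_prefix):
    """Vet a candidate key against a known file signature before a bulk run."""
    try:
        return decrypt_bytes(ciphertext, key16).startswith(expected_prefix)
    except ValueError:
        return False


def recover_locked(locked_name, ciphertext, key16, locked_ext=".onx"):
    """Strip the appended extension and decrypt; returns (original name, plaintext)."""
    if not locked_name.lower().endswith(locked_ext):
        raise ValueError("not a file locked with " + locked_ext)
    return locked_name[:-len(locked_ext)], decrypt_bytes(ciphertext, key16)


# Constructed sample: a fake key and a fake document carrying a ZIP/docx signature.
SAMPLE_KEY = b"0123456789abcdef"
SAMPLE_DOC = b"PK\x03\x04constructed document body, not a real docx"

if __name__ == "__main__":
    blob = encrypt_bytes(SAMPLE_DOC, SAMPLE_KEY)
    print(key_works(blob, SAMPLE_KEY, b"PK\x03\x04"), recover_locked("report.docx.onx", blob, SAMPLE_KEY)[0])
```

`key_works` is the step a responder would run first: confirm a candidate key on one file whose original format is known (a .docx starts with the ZIP signature `PK`) before touching the rest of the victim's data, since a wrong key silently produces garbage.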

This Trojan is in active circulation under multiple variants and may harm users outside of Russia just as easily as residents of that nation. Server admins especially should monitor software versions for patchable vulnerabilities and password practices for brute-force exposure, and fix both at the first opportunity. Most file-locking Trojan campaigns compromise targets through conveniently weak security practices or scams such as fake e-mail attachments.

Windows-compatible anti-malware solutions should also flag and delete the OnyxLocker Ransomware properly in the clear majority of cases.

The OnyxLocker Ransomware is another notification that Russia's convenient pseudo-immunity to Black Hat campaigns is long over. Whether the criminals in question are living inside the borders or outside, they're trying to make money from Russian residents the same way that they'd do so from anyone else: by extortion.
