OnyxLocker Ransomware

Posted: January 23, 2020

OnyxLocker Ransomware Description

The OnyxLocker Ransomware is a file-locking Trojan that can block your PC's media files, such as documents. The OnyxLocker Ransomware creates Russian-language ransom notes, in most cases, although the encryption feature it uses endangers media around the world. Most anti-malware services should find and remove the OnyxLocker Ransomware automatically, and responsible backup behavior can reduce any risk from infections.

Surveying Name-Changing Trojans in Russia

A Trojan that could be a new family in the early stages of propagation is appearing in numbers around Russia. Security researchers familiar with threats in that region are confirming it as a new, file-locking Trojan, with the typical pretensions towards ransoming files through a for-sale decryptor. However, the OnyxLocker Ransomware is demonstrating significant flexibility in how it tries extorting this money.

The OnyxLocker Ransomware is a Windows Trojan that enumerates the system's folders for finding files before encrypting them with a Corrected Block TEA, or XXTEA, algorithms. Along with stopping documents, pictures, and similar content from opening by converting them this way, the OnyxLocker Ransomware also adds an extension. Here, malware experts see differences between versions, with some builds appending 'onx,' and others appending the Russian-language equivalent of 'Christina.'

The OnyxLocker Ransomware then drops several text messages on the user's desktop, differentiated by numbers, although the contents are identical. Some versions of the OnyxLocker Ransomware demand 100 Bitcoins to a wallet address, while others give an e-mail as a way of contact, as well as a harsh twelve-hour deadline. Such a strict timing limit could force victims into paying before realizing that other, cheaper means of data recovery could be possible.

Stopping Russian Trojans from Hitting Their Payday

The OnyxLocker Ransomware is a relatively simple program, which shows few of the security features or obfuscation that Ransomware-as-a-Service families like the Scarab Ransomware (another Trojan that operates in the same area) might employ. Additionally, the XXTEA encryption that it uses in place of the more-common AES and RSA double-punch is vulnerable to decryption attempts by a third-party theoretically. Users should always back their work up to secured devices, but if a backup is unavailable, victims should contact a cryptography-experienced researcher for assistance.

This Trojan is in active circulation under multiple variants and may harm users outside of Russia just as easily as residents of that nation. Server admins should monitor software versions for patchable vulnerabilities and password usage for brute-force possibilities to amend at the first opportunity, especially. Most file-locking Trojan campaigns will compromise targets according to conveniently-weak security protocols, or scams such as fake e-mail attachments.

Windows-compatible brands of anti-malware solutions also should flag and delete the OnyxLocker Ransomware properly in a clear majority of cases.

The OnyxLocker Ransomware is another notification that Russia's convenient pseudo-immunity to Black Hat campaigns is long over. Whether the criminals in question are living inside the borders or outside, they're trying to make money from Russian residents the same way that they'd do so from anyone else: by extortion.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to OnyxLocker Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware OnyxLocker Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.