Onyx Ransomware

Posted: October 31, 2016

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	10/10
Infected PCs:	65

First Seen:	October 31, 2016
OS(es) Affected:	Windows

The Onyx Ransomware is a Trojan that may lock your computer or block its contents, such as work-related files. While the Onyx Ransomware is under development, current indicators as noted by malware experts show this threat in distribution against PC users residing in the nation of Georgia. Scan all incoming files with anti-malware products to remove the Onyx Ransomware before it infects your PC and use backups to make your system less vulnerable to suffering permanent data loss from its payload.

A Trojan with Something Less than a Gemstone's Rarity

The progression of ransom-based Trojan attacks often includes just as much emphasis on sowing fear and panic responses as much as any coding professionalism. Even projects nowhere near the end of a full release cycle, such as the Onyx Ransomware, can be made with the intent of using cheap social engineering tricks as substitutes for properly coded attacks. Malware experts have yet to see functional samples of the Onyx Ransomware in the wild, although its purpose as an extortion-based threat is clear.

The Onyx Ransomware installs itself with an error message-suppressing function that blocks any incidental pop-up alerts Windows might generate during the process. After gathering basic system information, such as details about running programs in memory and the GUID, the Onyx Ransomware creates an image that bears instructions for paying its ransom. For now, the Onyx Ransomware contains no extra features, although its message warns that it will delete 'all files' after a one-day time limit's expiration and supposedly already has encoded them with an unbreakable cipher.

Malware experts only can confirm evidence of the Onyx Ransomware using the Georgian language, placing the threat in the same, rough geopolitical scope as threats like the CryptoJoker Ransomware and the Tarocrypt Ransomware.

Throwing the Onyx Ransomware Back in the Work-in-Progress Tumbler

As a work in active development, the Onyx Ransomware has limited data available about its infrastructure, the history of its administration team, or its possible installation methods. Infection methods for threats like the Onyx Ransomware often emphasize the following exploits:

Corrupted e-mail attachments.
Website-hosted, script-based browser vulnerabilities.
Social engineering-based download links.

Scanning your incoming files with security products, disabling scripts, and having persistent browser protection from threatening domains are several ways to block this potential installation routes. Current samples of the Onyx Ransomware don't provide sufficient information to pay any ransom, which, in any case, malware experts discourage as being highly risky for data recovery purposes. Professional backup software and services provide more practical, and less costly, solutions until one can remove the Onyx Ransomware.

The Onyx Ransomware may be a 'diamond in the rough' as a Trojan clearly, but a coherent reliance on good anti-malware defenses, hopefully, can prevent it from achieving any form of financial polish.

OnyxLocker Ransomware

Onyx Ransomware

Threat Metric

A Trojan with Something Less than a Gemstone's Rarity

Throwing the Onyx Ransomware Back in the Work-in-Progress Tumbler

Related Posts

Leave a Reply