Oonn Ransomware

Posted: August 10, 2020

Oonn Ransomware Description

The Oonn Ransomware is a file-locking Trojan that's from STOP Ransomware's Ransomware-as-a-Service business. Like most RaaSes, it uses a (usually, secure) encryption routine for keeping users from opening their media files and drops a ransom note. Recovery through backups and anti-malware products for removing the Oonn Ransomware always is superior to paying its ransom.

The Incessant Onset of the STOP Ransomware Business

Whether it's called STOP Ransomware or Djvu Ransomware, according to two of its earliest campaigns, the Ransomware-as-a-Service family is prolific and a popular item among threat actors without personal programming interests. From the early days of the Fordan Ransomware and the Todarius Ransomware to new threats like the Nile Ransomware, the Nppp Ransomware, and the Oonn Ransomware, their features show significant internal consistency. Like the others, the Oonn Ransomware changes little about how it attacks users, finding the potency of secure encryption more than threatening enough for ransoming files.

After it infects a Windows PC, the Oonn Ransomware can lock files through using AES and a default key or download a more-secure one from a Command & Control server. Although the locking of media like documents is the most notorious feature of its family, malware experts recommend taking notice of less-advertised features from STOP Ransomware's current variants:

  • The Oonn Ransomware may block websites by changing the Windows Hosts file.
  • The Oonn Ransomware may compromise networks through collecting passwords with the assistance of a third-party password collector, AZORult.
  • The Oonn Ransomware deletes the Restore Points as part of preventing victims from recovering their media.
  • The Oonn Ransomware may generate a fake Windows update interface as a distraction while it's locking files.

The intended end scenario for the Oonn Ransomware's campaign is taking valuable files hostage and selling the unlocking service to the victim. Although the Oonn Ransomware contains the traditional instructions for doing so in a text file, victims should avoid these threatening and often unreliable transactions.

A Dream Trip to Your Computer's Nightmare

Most victims won't block the Oonn Ransomware's network connectivity immediately, which means that the Trojan will use the more-secure version of its encryption and make third-party recover particularly unlikely. Because of the additional danger that the Oonn Ransomware includes for networks, users should have strongly-secured backups on other systems with measures such as password protection or entirely-disconnected drives. Doing so will keep the Oonn Ransomware from having a ransoming proposition in the first place.

Some versions of the STOP Ransomware family use torrents and theme themselves after enticing or illegal items, such as movies or game cracks. For the Oonn Ransomware, malware experts are seeing Trojan droppers naming themselves after apparent American 'dream trips' or vacations. Web surfers that scan their downloads and reject ones from potentially-threatening sources should be at little risk from this tactic.

Users also can use trusted brands of Windows anti-malware services for stopping drive-by-downloads and, if need be, isolating or deleting the Oonn Ransomware.

With few bells and whistles but a new tactic for getting around the Web, the Oonn Ransomware is a typical Ransomware-as-a-Service case at work. Downloading random executable isn't in anyone's best interest save for the criminals uploading them.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Oonn Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Home Malware Programs Ransomware Oonn Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.