
Oonn Ransomware

Posted: August 10, 2020

The Oonn Ransomware is a file-locking Trojan from STOP Ransomware's Ransomware-as-a-Service business. Like most RaaSes, it uses a (usually secure) encryption routine to keep users from opening their media files and drops a ransom note. Recovering through backups and removing the Oonn Ransomware with anti-malware products is always superior to paying its ransom.

The Incessant Onset of the STOP Ransomware Business

Whether it's called STOP Ransomware or Djvu Ransomware, after two of its earliest campaigns, the Ransomware-as-a-Service family is prolific and a popular item among threat actors without personal programming interests. From the early days of the Fordan Ransomware and the Todarius Ransomware to new threats like the Nile Ransomware, the Nppp Ransomware, and the Oonn Ransomware, their features show significant internal consistency. Like the others, the Oonn Ransomware changes little about how it attacks users, finding the potency of secure encryption more than threatening enough for ransoming files.

After it infects a Windows PC, the Oonn Ransomware can lock files using AES with a default key, or it can download a more secure key from a Command & Control server. Although the locking of media like documents is the most notorious feature of its family, malware experts recommend taking notice of the less-advertised features of STOP Ransomware's current variants:

  • The Oonn Ransomware may block websites by changing the Windows Hosts file.
  • The Oonn Ransomware may compromise networks by collecting passwords with the assistance of a third-party password collector, AZORult.
  • The Oonn Ransomware deletes the Restore Points as part of preventing victims from recovering their media.
  • The Oonn Ransomware may generate a fake Windows update interface as a distraction while it's locking files.

The intended end scenario for the Oonn Ransomware's campaign is taking valuable files hostage and selling the unlocking service to the victim. Although the Oonn Ransomware contains the traditional instructions for doing so in a text file, victims should avoid these threatening and often unreliable transactions.

A Dream Trip to Your Computer's Nightmare

Most victims won't block the Oonn Ransomware's network connectivity immediately, which means that the Trojan will use the more secure version of its encryption and make third-party recovery particularly unlikely. Because of the additional danger that the Oonn Ransomware poses to networks, users should have strongly secured backups on other systems, with measures such as password protection or entirely disconnected drives. Doing so will keep the Oonn Ransomware from having a ransoming proposition in the first place.

Some versions of the STOP Ransomware family use torrents and theme themselves after enticing or illegal items, such as movies or game cracks. For the Oonn Ransomware, malware experts are seeing Trojan droppers naming themselves after apparent American 'dream trips' or vacations. Web surfers who scan their downloads and reject ones from potentially threatening sources should be at little risk from this tactic.

Users also can use trusted brands of Windows anti-malware services for stopping drive-by-downloads and, if need be, isolating or deleting the Oonn Ransomware.

With few bells and whistles but a new tactic for getting around the Web, the Oonn Ransomware is a typical Ransomware-as-a-Service case at work. Downloading random executables isn't in anyone's best interest save for the criminals uploading them.
