Orion Ransomware
The Orion Ransomware is a file-locking Trojan that encrypts your documents and other files before displaying ransom notes in text messages and on your desktop. There is no known, free solution for unlocking any encrypted content, and users should have backups as a precaution against this Trojan's attempted extortion. Anti-malware products can offer further protection by removing the Orion Ransomware on sight or uninstalling it to stop any more damage.
A Major's Promotion to Constellation
The Major Ransomware, a niche family of file-locker Trojans, is finally getting an update after the Mars Ransomware from earlier in 2019. Unfortunately, its blocked files are no more recoverable than those of the older programs, due to the combination of the secure AES and RSA encryptions that are keeping the media under blockade. Malware experts have yet to track the newest Orion Ransomware's infection strategies, but highlight examples of its attacks in the wild.
Along with the encryption that's the threat-defining feature of its family, the Orion Ransomware adds significantly lengthy extensions onto the files that it captures, which can range from text-based formats like documents or spreadsheets to audio, video or archives. The filename 'enhancements' include a serial ID, an e-mail for communicating with the threat actor, and the 'orion' extension. The Orion Ransomware also drops a Notepad message, but without the standard TXT tag, and hijacks the Windows wallpaper to display another warning.
Users have been reporting attacks of the Orion Ransomware since June, but without providing samples of the relevant infection components. File-locker Trojans from the Major Ransomware family, which includes relatively few members, favor European e-mail addresses and spam-based content, which may link to a corrupted website or carry an attachment with an embedded vulnerability. Many of the latter use macro-based delivery methods, and malware experts recommend that users leave macros off until they know that a document is genuine.
Turning the Lights Out on a Star-Laden Trojan
Like most file-locking Trojans, the Orion Ransomware's payload can block the majority of files on your computer or server, although its design doesn't target any crucial operating system components. It also lacks a freeware decryption service, and, thanks to the high security of the RSA encryption, malware experts don't expect that issue to resolve without unusual circumstances – such as a leak from the threat actor's database of keys. Users can, however, always preserve their files by backing them up onto other devices.
The ransom payments that the Orion Ransomware demands have no automated links to the decryption service that its threat actor is selling. Anyone paying the Bitcoin ransom should do so with the knowledge that the criminal may withhold their help afterward. Anti-malware tools can't unlock or decrypt your files but should delete the Orion Ransomware by default.
Major Ransomware's Poland-based family may be stretching itself out to further regions of the world with sprouting branches like the Orion Ransomware. These attacks are likely opportunity-based ones, which means that users minding their security habits will make themselves less likely targets.