Osnoed Ransomware

Posted: October 14, 2020

Osnoed Ransomware Description

The Osnoed Ransomware is a file-locking Trojan that blocks media on users' computers through encrypting the files. It's estimated as a variant of a previous Trojan, Babax, although the data-blocking feature is new to this version. Users with backups can protect their work from harm, and most standard security products should remove the Osnoed Ransomware as a threat.

The Babax Collector Plans on collecting More Yet

The GitHub project, the Babax Stealer, is returning with an unknown threat actor's help, whose programming enhancements include a module with data-blocking capabilities. The shift in features makes the Osnoed Ransomware a significant update. However, its extortion plan isn't very different from those so well-trod by threats like the Ransomware-as-a-Service industry. Its distribution methods aren't known, but most systems with a reasonably-modern version of Windows are at risk.

The Osnoed Ransomware's predecessor, the Babax Stealer, is a limited spyware program that collects passwords from browsers like Firefox or Chrome. The update in the Osnoed Ransomware includes another module that specializes in blocking the victim's media files. The threat actor may have purchased the author's code, collected it, or acquired it through a third-party leak.

Most of the features specific to the Osnoed Ransomware aren't particularly unusual. It uses an encryption routine for blocking files that the attacker targets, such as Word documents, GIF pictures or RAR archives. It also has an extension-appending function for adding the campaign's string of 'Osnoed' to their names.

Once it has the hostages, the Osnoed Ransomware drops a text note onto the desktop. Premium decryption help from threat actors isn't always safe and can include attempts at other attacks, such as fake 'unlocked files' that install other threats. More usually, malware experts also find it typical for there to be no decryption service after the victims transfer the ransom money, which uses limited-refund channels, such as Bitcoin.

Dealing with Spyware that Takes Up Hobbies in Extortion

The Osnoed Ransomware spin-off of Babax Stealer is a double-edged threat to most Windows computers or compatible devices. Its campaign has yet to have its infection tactics confirmed, although the Trojan is out in the wild. For now, malware experts recommend taking all-purpose precautions for blocking file-locker Trojans' infection vectors in a well-rounded manner.

Simple protections that most users can take up include:

  • Avoiding game cracks, collected movies, and similar illicit downloads that threat actors may bundle with Trojan installers.
  • Scanning downloads of all sources before opening them.
  • Not enabling macros in documents, or Flash, Java, or JavaScript in Web browsers (all of which can facilitate drive-by-downloads through vulnerabilities).
  • Using strong passwords for keeping attackers from gaining unauthorized control over accounts.

Above all else, having backups on other systems and portable devices will remove the potential for Trojans' taking files hostage. Without decryption services available for this threat for free, users also should emphasize proactively catching and removing the Osnoed Ransomware through proper security products.

The Osnoed Ransomware's change in attack practices might be a little out-of-left-field, but Trojans are as adaptable as living creatures. Those who don't keep up with the digital arms race might find their files being the victims left as innocent casualties.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Osnoed Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Osnoed Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.