‘.onion File Extension’ Ransomware

‘.onion File Extension’ Ransomware Description

The '.onion File Extension' Ransomware is a Trojan that was reported by PC users in Brazil in the second week of April 2017. The '.onion File Extension' Ransomware Trojan is designed to encrypt data on infected systems, and it offers users a decryption tool in exchange for a fee that is to be paid in Bitcoins. Initial threat analysis uncovered that the '.onion File Extension' Ransomware is used in attacks on Web servers and corporate networks. Reports from South and North America suggest that the threat invades systems via compromised remote desktop accounts and spear phishing emails. Computer security experts suspect that the '.onion File Extension' Ransomware is a new variant of the Dharma Ransomware since there are many similarities in how the code is constructed and executed.

As you may guess, the '.onion File Extension' Ransomware is named after the extension placed on the encrypted objects. The threat is programmed to generate a unique key and encipher the objects on local disks and accessible network shares before loading the invitation to pay for the decoding software. The '.onion File Extension' Ransomware renames the files following the pattern:

..id-[8 RANDOM CHARACTERS].[felix_dies@aol.com].onion

The same pattern was observed with the 'Bitcoinpay@india.com' Ransomware, but it is based on the Crysis Ransomware and there appears to be no connection to the '.onion File Extension' Ransomware. The Trojan at hand is reported to target a broad spectrum of data containers and is likely to interrupt the work of database managers and media editing stations. Consequently, 'The Church of Santo Tomás-Spain.jpeg' is renamed to 'The Church of Santo Tomás-Spain.jpeg-id-N457HNV8.[felix_dies@aol.com].onion' and the image can't be loaded in programs like Windows Photo and FastStone Viewer. The '.onion File Extension' Ransomware is a threat to data stored in the following formats:

.png, .psd, .pspimage, .tga, .thm, .tif, .tiff, .yuv, .ai, .eps, .ps, .svg, .indd, .pct, .pdf, .xlr, .xls, .xlsx, .accdb, .db, .dbf, .mdb, .pdb, .sql, .apk, .app, .bat, .cgi, .com, .exe, .gadget, .jar, .pif, .wsf, .dem, .gam, .nes, .rom, .sav, .dwg, .dxf, .gpx, .kml, .kmz, .asp, .aspx, .cer, .cfm, .csr, .css, .htm, .html, .js, .jsp, .php, .rss, .xhtml, .doc, .docx, .log, .msg, .odt, .pages, .rtf, .tex, .txt, .wpd, .wps, .csv, .dat, .ged, .key, .keychain, .pps, .ppt, .pptx, .ini, .prf, .hqx, .mim, .uue, .7z, .cbr, .deb, .gz, .pkg, .rar, .rpm, .sitx, .tar.gz, .zip, .zipx, .bin, .cue, .dmg, .iso, .mdf, .toast, .vcd, .sdf, .tar, .tax2014, .tax2015, .vcf, .xml, .aif, .iff, .m3u, .m4a, .mid, .mp3, .mpa, .wav, .wma, .3g2, .3gp, .asf, .avi, .flv, .m4v, .mov, .mp4, .mpg, .rm, .srt, .swf, .vob, .wmv, .3d, .3dm, .3ds, .max, .obj, .bmp, .dds, .gif, .jpg, .crx, .plugin, .fnt, .fon, .otf, .ttf, .cab, .cpl, .cur, .dll, .dmp, .drv, .icns, .ico, .lnk, .sys, .cfg.

The ransom request is offered as 'BACK DATA BASE.txt,' and you may find the file on your desktop. The message inside may direct you to write to an email account hosted on the ProtonMail platform, which is favored for its privacy-centric philosophy by the developers of the 'garryweber@protonmail.ch' Ransomware and many others on the ransomware market. Computer security analysts note that paying the ransom may seem like the easiest way out of the situation, but that is not true. Paying hundreds of dollars worth of Bitcoins to the cyber extortionists does not grant you the right to request a decryption service. You risk losing your money and data by cooperating with the crooks when you can rebuild your data structure by using backups. However, you will need to purge the '.onion File Extension' Ransomware from your PC first and you may want to use a trusted anti-malware utility for that purpose.
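The rename marker and the ransom note name described above can be used to scope the damage from a file listing of a disk or share before restoring from backups. The following triage script is an added example, not code from the original page or from any vendor tool; the function names and the sample listing are constructed for illustration, and it assumes the eight "random characters" are ASCII letters or digits.

```python
import re
from pathlib import PureWindowsPath

# Rename marker as described on this page:
#   <original name><sep>id-<8 characters>.[<contact e-mail>].onion
# The pattern line shows "." before "id-", the worked example shows "-"; accept both.
# Assumption: the 8 "random characters" are ASCII letters or digits.
MARKER = re.compile(
    r"^(?P<original>.+?)[.-]id-(?P<victim_id>[A-Za-z0-9]{8})"
    r"\.\[(?P<contact>[^\[\]\s@]+@[^\[\]\s@]+)\]\.onion$",
    re.IGNORECASE,
)
RANSOM_NOTE = "back data base.txt"  # note file name given on this page


def classify(path):
    """Return a dict for a ransom note or an encrypted file, else None."""
    name = PureWindowsPath(path).name
    if name.lower() == RANSOM_NOTE:
        return {"kind": "ransom_note", "path": path}
    match = MARKER.match(name)
    if match:
        return {"kind": "encrypted", "path": path, **match.groupdict()}
    return None


def triage(paths):
    """Summarise a listing: notes, original names per ID, contact addresses."""
    report = {"notes": [], "encrypted": {}, "contacts": set()}
    for path in paths:
        hit = classify(path)
        if hit is None:
            continue
        if hit["kind"] == "ransom_note":
            report["notes"].append(path)
        else:
            report["encrypted"].setdefault(hit["victim_id"], []).append(hit["original"])
            report["contacts"].add(hit["contact"].lower())
    return report


# Constructed listing; only the first file name is taken from the page.
SAMPLE_LISTING = [
    r"D:\share\photos\The Church of Santo Tomás-Spain.jpeg-id-N457HNV8.[felix_dies@aol.com].onion",
    r"D:\share\db\orders.sql.id-N457HNV8.[felix_dies@aol.com].onion",
    r"C:\Users\ana\Desktop\BACK DATA BASE.txt",
    r"C:\Users\ana\Documents\tor-notes.onion",  # ends in .onion but has no marker
    r"D:\share\docs\budget.xlsx",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING))
```

The recovered original names give a restore list to check against backups, and a file that merely ends in .onion without the ID and e-mail marker is not flagged.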
