Hentai Onichan Ransomware

Hentai Onichan Ransomware Description

The Hentai Onichan Ransomware is a data-encrypting Trojan that has been uncovered in the wild by malware analysts. This file-locking Trojan belongs to the Quimera Ransomware family. Ransomware threats are viewed as a quick way to generate cash with a low chance of facing any consequences. This is why data-locking Trojans like the Hentai Onichan Ransomware are so popular among cyber crooks worldwide.

The words “Hentai Oniichan” are known to most anime fans, and now the words are at the heart of a ransomware threat. The Hentai Onichan ransomware locks up files and encrypts them so they can’t be accessed. It is shocking to see something like this if you aren’t familiar with the concept of ransomware. If it happens to your computer, chances are you opened a malicious email attachment or downloaded a dubious program.

Propagation and Encryption

The Hentai Onichan Ransomware may be propagated via different infection vectors. Some authors of ransomware threats tend to use mass spam email campaigns to spread their creations. This normally includes a fake message and a macro-laced attached file that appears to be a harmless document at first sight. If a user launches the attachment, they will allow the threat to compromise their system. Other propagation methods commonly utilized in the distribution of ransomware threats are malvertising campaigns, fake application updates, bogus pirated copies of popular software, etc.

Regardless of how the Hentai Onichan Ransomware has ended up on your system, as soon as it compromises it, it will perform a scan and locate all your files. Threats like the Hentai Onichan Ransomware often tend to encrypt a large array of filetypes to ensure maximum damage on the infected computer. Thus, it is likely that all your images, audio files, documents, archives, presentations, spreadsheets, databases, videos, and other files will be securely encrypted with the help of an encryption algorithm. The locked files will have their names altered because the Hentai Onichan Ransomware adds the ‘.hor’ extension at the end of filenames. For instance, a file you had originally named ‘white-goose.png’ will be renamed to ‘white-goose.png.hor’ after the encryption process of the Hentai Onichan Ransomware has been completed.

The Ransom Note

To make sure that the victim sees the attackers’ message, the Hentai Onichan Ransomware drops a ransom note in each folder that contains encrypted data. The ransom note that contains the message of the Hentai Onichan Ransomware’s authors is called ‘HELP_ME_RECOVER_MY_FILES.txt’. Many creators of ransomware threats tend to use all caps when naming ransom notes, as bigger letters make it more likely for the user to notice the message. Some malware experts speculate that the Hentai Onichan Ransomware has been created as a joke since the attackers demand the mind-numbing ransom fee of 30 Bitcoin (approximately $159,000 at the moment of typing this post) in exchange for a decryption key. However, even if the attackers do not expect to be paid the sky-high sum, we can assure you that all the data locked by the Hentai Onichan Ransomware is encrypted securely and, therefore, unusable. The creators of the Hentai Onichan Ransomware ask to be contacted via email and give out an address for this purpose: ‘hentai.onichan.key@protonmail.ch’.

The ransom note reads:

Atention! all your important files were encrypted with Hentai Onichan Ransomehere!
to get your files back send 30 Bitcoins and contact us with proof of payment and your Unique Identifier Key.
We will send you a decryption tool with your personal decryption password.
Where can you buy Bitcoins:
Contact: hentai.onichan.key@protonmail.ch
Bitcoin wallet to make the transfer to is:
Unique Identifier Key (must be sent to us together with proof of payment):

It may seem like the best thing to do would be to pay the ransom. It’s a very tempting idea. The reality is that this is the last thing you want to do. There are no guarantees that the hackers will stick to their word. They’re under no obligation to hand over the decryption key. Many ransomware victims become scam victims and end up losing a lot of money along with their data. Another problem with paying the ransom is that you would be supporting their efforts to continue scamming others.

The first thing to do if your computer is infected with Hentai Onichan, or any other ransomware, is to see if there is a public decryptor. Security experts put a lot of work into researching these threats. It may take a while, but they can create decryption kits and offer them to the public. If not, then you will need to use a backup to restore your files. Make sure to remove the virus first; otherwise, it will just encrypt your data again.
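Before restoring from backup, it helps to know exactly which files were locked. The following is an added example, not part of the original write-up: it inventories a directory tree using the two on-disk indicators named above (the ‘.hor’ suffix and the ‘HELP_ME_RECOVER_MY_FILES.txt’ note) and produces the list of original paths to pull from backup. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_SUFFIX = ".hor"                    # extension named on this page
NOTE_NAME = "HELP_ME_RECOVER_MY_FILES.txt"   # ransom note name from this page


def inventory(root):
    """Walk root; return {directory: {"note": bool, "files": [(locked, original)]}}."""
    report = defaultdict(lambda: {"note": False, "files": []})
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            # Compare case-folded so a differently cased suffix or note still matches.
            folded = name.casefold()
            if folded == NOTE_NAME.casefold():
                report[dirpath]["note"] = True
            elif folded.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                report[dirpath]["files"].append((name, original))
    return dict(report)


def restore_list(report):
    """Original paths to pull from backup, sorted for a stable work list."""
    return sorted(os.path.join(d, orig) for d, e in report.items() for _, orig in e["files"])


def suffix_only_dirs(report):
    """Directories with .hor files but no note: possibly an unrelated .hor file
    or an interrupted run, so review these by hand before restoring."""
    return sorted(d for d, e in report.items() if e["files"] and not e["note"])


def build_sample_tree(root):
    """Constructed sample data: empty files only, nothing is encrypted."""
    layout = {
        "pics": ["white-goose.png.hor", "notes.txt", NOTE_NAME],
        "docs": ["budget.xlsx.hor", "REPORT.DOCX.HOR", NOTE_NAME],
        "misc": ["unrelated.hor"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rep = inventory(tmp)
        print("\n".join(restore_list(rep)))
        print("review:", suffix_only_dirs(rep))
```

Run it against a mounted copy of the affected disk rather than the live system, and only after the malware has been removed.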

What Happened to Your Files

File-encrypting viruses and ransomware get to work as soon as possible. These threats focus on documents, pictures, and videos because these are the most important to victims. Hentai Onichan uses powerful encryption algorithms to lock data away. Files affected by the virus have their file extension changed. The virus also drops a ransom note, as mentioned above.

The size of the ransom depends on the ransomware and target in question. Some of these threats demand as little as $50, while others are known to demand upwards of $1,000. Remember, it’s worth looking into other ways to restore your files. It doesn’t matter how small the ransom is. Don’t pay it. You’re better off that way. Perhaps you have a backup of your files you can restore instead. Some ransomware deletes the shadow volume copies of data, but not all of them do. If the shadow copies still exist, then your computer can restore your files.