OGONIA Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 175
First Seen: August 9, 2017
Last Seen: February 21, 2023
OS(es) Affected: Windows
The OGONIA Ransomware is an encryption ransomware Trojan that is a variant of the CryptMix Ransomware. The OGONIA Ransomware is the latest of several variants in this family, which appears to release a new variant every month. PC security analysts observed the OGONIA Ransomware for the first time in the second week of August 2017, spreading through spam email messages. The con artists attach corrupted documents to spam email messages. These documents, typically taking the form of DOCX files, include corrupted macro scripts that download and install the OGONIA Ransomware onto the victim's computer. Apart from spam email messages, the OGONIA Ransomware can also be installed onto the victim's computer directly when con artists take advantage of poor security measures, such as a weak password on a computer whose Remote Desktop Protocol connection is accessible online.
What is the Consequence of an OGONIA Ransomware Attack
The OGONIA Ransomware will encrypt the victim's files using AES 256 encryption, a strong encryption algorithm that will make the victim's data inaccessible. The OGONIA Ransomware will target files on the victim's primary hard drive as well as on all memory devices connected to the infected computer and network storage. The OGONIA Ransomware marks the affected files by adding the file extension 'OGONIA' to the end of each affected file's name. Once the OGONIA Ransomware encrypts a file, it becomes inaccessible. The OGONIA Ransomware takes the victim's files hostage and refuses to provide the means to recover the files without the payment of a ransom. The OGONIA Ransomware targets user-generated files, which include photos, movies, audio, music, and documents associated with commonly used software such as Adobe Acrobat, Microsoft Office and MySQL.
How the OGONIA Ransomware Demands Money from Its Victims
After encrypting the victim's files, the OGONIA Ransomware will demand a ransom by dropping a text file on the victim's computer. This ransom note takes the form of a text file named '_HELP_INSTRUCTION.TXT'. When the victim opens the OGONIA Ransomware's ransom note, the following message appears:
'Hello!
Attention! All Your data was encrypted!
For specific information, please send us an email with Your ID number:
cnc01@msgden.net
cnc02@nerdmail.co
cnc03@protonmail.com
tankpolice@aolonline.top
We will help You as soon as possible!
DECRYPT-ID-[32 RANDOM CHARACTERS] number'
Because the OGONIA Ransomware uses a combination of the RSA 2048 encryption and the AES 256 encryption in its attack, the files encrypted by the OGONIA Ransomware are impossible to recover without the decryption key. However, computer users should not contact the people responsible for the OGONIA Ransomware or pay the OGONIA Ransomware ransom. There are several reasons for this:
- The people responsible for the OGONIA Ransomware are very unlikely to respond. Rather than delivering the decryption key, they are just as likely to ignore the victim's payment or ask for more money.
- Even if the con artists deliver the decryption key, the victim will very likely be targeted for further attacks, having demonstrated the means and willingness to pay the ransom amount once.
- Paying the OGONIA Ransomware ransom allows the people responsible for this threat to continue creating and developing the OGONIA Ransomware and variants of this threat.
Recovering from an OGONIA Ransomware Attack
If the OGONIA Ransomware has infected your computer, PC security researchers strongly advise the use of a security program and an anti-spam filter to ensure that corrupted email messages containing threats like the OGONIA Ransomware are not delivered to your computer. However, the best protection against ransomware Trojans like the OGONIA Ransomware is to have file backups. If computer users have the possibility of recovering their files from a backup copy, then the people responsible for the OGONIA Ransomware attack lose any leverage that permits them to ask for ransom.
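To scope what has to be restored from backup, the two artifacts described above (the 'OGONIA' file extension and the '_HELP_INSTRUCTION.TXT' note) can be counted per directory. The following Python sketch is an added example, not code from this page or its publisher; the function names, the sample tree, and the assumption that the 32-character ID contains no whitespace are illustrative.

```python
import os
import re
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".ogonia"               # extension named on this page
NOTE_NAME = "_help_instruction.txt"     # ransom note file name named on this page
# Assumption: the 32 "random characters" of the ID contain no whitespace.
ID_RE = re.compile(r"DECRYPT-ID-(\S{32})")

def scan_tree(root):
    """Walk root read-only and summarise OGONIA artifacts found under it."""
    encrypted = Counter()   # directory -> number of *.OGONIA files
    notes, victim_ids = [], set()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower.endswith(ENCRYPTED_EXT):
                encrypted[dirpath] += 1
            elif lower == NOTE_NAME:
                notes.append(path)
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read(64 * 1024)   # notes are small; cap the read
                except OSError:
                    continue                        # unreadable note: keep the path only
                victim_ids.update(ID_RE.findall(text))
    return {"encrypted_by_dir": dict(encrypted),
            "encrypted_total": sum(encrypted.values()),
            "ransom_notes": sorted(notes),
            "victim_ids": sorted(victim_ids)}

def build_sample(root):
    """Constructed sample tree for demonstration; not real malware output."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("report.docx.OGONIA", "photo.jpg.ogonia", "clean.txt"):
        open(os.path.join(docs, name), "wb").close()
    with open(os.path.join(docs, "_HELP_INSTRUCTION.TXT"), "w") as fh:
        fh.write("Attention! All Your data was encrypted!\n"
                 "DECRYPT-ID-" + "A1B2C3D4" * 4 + " number\n")
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

Run it against a mounted copy of the affected volume or a network share; the per-directory counts show which backup sets are needed.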