
OGONIA Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 14,289
Threat Level: 100 % (High)
Infected Computers: 173
First Seen: August 9, 2017
Last Seen: October 30, 2022
OS(es) Affected: Windows

The OGONIA Ransomware is an encryption ransomware Trojan that is a variant of the CryptMix Ransomware. The OGONIA Ransomware is the latest of several variants in this family, which appears to release a new variant every month. PC security analysts observed the OGONIA Ransomware for the first time in the second week of August 2017, spreading through spam email messages. The con artists attach corrupted documents to spam email messages. These documents, typically taking the form of DOCX files, include corrupted macro scripts that download and install the OGONIA Ransomware onto the victim's computer. Apart from spam email messages, the OGONIA Ransomware can also be installed onto the victim's computer directly when con artists take advantage of poor security measures, such as a weak password on a computer whose Remote Desktop Protocol connection is accessible online.

What is the Consequence of an OGONIA Ransomware Attack

The OGONIA Ransomware will encrypt the victim's files using AES 256 encryption, a strong encryption algorithm that will make the victim's data inaccessible. The OGONIA Ransomware will target files on the victim's primary hard drive as well as on all memory devices connected to the infected computer and on network storage. The OGONIA Ransomware marks the affected files by adding the file extension 'OGONIA' to the end of each affected file's name. Once the OGONIA Ransomware encrypts a file, it becomes inaccessible. The OGONIA Ransomware takes the victim's files hostage and refuses to provide the means to recover them without the payment of a ransom. The OGONIA Ransomware targets user-generated files, which include photos, movies, audio, music, and documents associated with commonly used software such as Adobe Acrobat, Microsoft Office and MySQL.

How the OGONIA Ransomware Demands Money from Its Victims

After encrypting the victim's files, the OGONIA Ransomware will demand a ransom by dropping a text file on the victim's computer. This ransom note is named '_HELP_INSTRUCTION.TXT'. When the victim opens the OGONIA Ransomware's ransom note, the following message appears:

Attention! All Your data was encrypted!
For specific information, please send us an email with Your ID number:
We will help You as soon as possible!

Because the OGONIA Ransomware uses a combination of the RSA 2048 encryption and the AES 256 encryption in its attack, the files encrypted by the OGONIA Ransomware are impossible to recover without the decryption key. However, computer users should not contact the people responsible for the OGONIA Ransomware or pay the OGONIA Ransomware ransom. There are several reasons for this:

  1. The people responsible for the OGONIA Ransomware are very unlikely to respond. Rather than delivering the decryption key, they are just as likely to ignore the victim's payment or ask for more money.
  2. Even if the con artists deliver the decryption key, the victim will very likely be targeted for further attacks, having demonstrated the means and willingness to pay the ransom amount once.
  3. Paying the OGONIA Ransomware ransom allows the people responsible for this threat to continue creating and developing the OGONIA Ransomware and variants of this threat.

Recovering from an OGONIA Ransomware Attack

If the OGONIA Ransomware has infected your computer, PC security researchers strongly advise the use of a security program and an anti-spam filter to ensure that corrupted email messages containing threats like the OGONIA Ransomware are not delivered to your computer. However, the best protection against ransomware Trojans like the OGONIA Ransomware is to have file backups. If computer users have the possibility of recovering their files from a backup copy, then the people responsible for the OGONIA Ransomware attack lose any leverage that permits them to ask for ransom.
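The following triage script is an added example, not part of the original article. It scopes an infection using the two indicators named above (the 'OGONIA' extension and the '_HELP_INSTRUCTION.TXT' note) and reports the earliest modification time among marked files as a bound for choosing a backup to restore. It assumes the extension is appended as '.OGONIA', that matching should be case-insensitive, and that modification times of marked files reflect when they were encrypted; the sample tree is constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

# Indicators taken from the article; case-insensitive matching is an assumption.
ENCRYPTED_SUFFIX = ".ogonia"
RANSOM_NOTE = "_help_instruction.txt"


def scan(root):
    """Walk root and summarise OGONIA indicators per directory."""
    report = {"encrypted": [], "notes": [], "dirs": {}, "earliest": None}
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == RANSOM_NOTE:
                report["notes"].append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
                report["dirs"][dirpath] = report["dirs"].get(dirpath, 0) + 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or unreadable; still counted
                if report["earliest"] is None or mtime < report["earliest"]:
                    report["earliest"] = mtime
    return report


def build_sample_tree(root):
    """Constructed sample data: two marked files, one note, one clean file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name, mtime in (("a.docx.OGONIA", 1502280000), ("b.pdf.ogonia", 1502283600)):
        path = os.path.join(docs, name)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))  # fixed timestamps for a repeatable demo
    open(os.path.join(docs, "_HELP_INSTRUCTION.TXT"), "w").close()
    open(os.path.join(root, "clean.txt"), "w").close()
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
        first = datetime.fromtimestamp(result["earliest"], tz=timezone.utc)
        print(len(result["encrypted"]), "marked files;", len(result["notes"]), "notes")
        print("restore from a backup taken before", first.isoformat())
```

Run `scan()` against each mounted drive and network share, since the article notes that connected devices and network storage are also targeted.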

