
Ogre Ransomware

By GoldSparrow in Ransomware

The Ogre Ransomware is an encryption ransomware Trojan that was first observed by malware researchers on an online anti-malware scanner (it is common to find these threats uploaded to these locations as part of their creators' testing methods, to find out if they can bypass commonly used anti-virus programs). When PC security researchers observed the Ogre Ransomware, it was clear that it was still in a testing phase. However, it is not unlikely that a full version of the Ogre Ransomware will be released publicly eventually. The Ogre Ransomware seems to be designed to mimic the behavior of the Petya Ransomware, another well-known threat.

The Ape Ogre

The Ogre Ransomware receives its name because it marks the files it infects with the file extension '.ogre,' which is added to the end of each encrypted file name. The Ogre Ransomware encrypts the victims' files with AES-256 encryption and then uses RSA encryption to make the decryption key inaccessible. The Ogre Ransomware is built to make the victim's files unusable and seems to be aimed at individual computer users rather than businesses. The Ogre Ransomware is not a sophisticated threat: it does not have a Command and Control server or sophisticated components used to carry out its attack. However, the Ogre Ransomware does encrypt the victims' files with a strong encryption method, making it an effective ransomware Trojan attack.

The Ransom Amount and Notification Displayed by the Ogre Ransomware

PC security researchers have noticed multiple variants of the Ogre Ransomware, which may correspond to different stages of testing or released versions of this attack. Some differences include the currency used in the ransom note and some slight differences in its wording. The following are two versions of the Ogre Ransomware's ransom message that PC security researchers have observed:

xit (DEV)
the Ogre Ransomware
your files have been encrypted The only way to recover them is to send 20€ in Mew to this adress
(Programme test)
Note: Critical files have been encrypted.
If you stop your computer,
there are high chance your computer will be unusable for ever
Enter your Bitcoin address used to pay [TEXT BOX]
Check payment

the Ogre Ransomware
Your files have been encrypted.
The only way to recover them is to send 20€ in bitcoin to this adress.
(Programme test)
Note: Critical files have been encrypted.
If you stop your computer, there are high chance your computer will be unusable for ever.
Enter your bitcoin adress used to pay
button [Decrypt]
button [Check payment]

The Ogre Ransomware carries out an effective attack, and it is necessary to take steps to shelter your computer from this and other similar ransomware attacks.

Protecting Your Computer from Threats Like the Ogre Ransomware

The best protection against the Ogre Ransomware is to use a backup method to protect the files on the Windows operating system. Having backup copies on a mobile memory device or the cloud is the best protection against threats like the Ogre Ransomware. This is because being able to recover the files from a backup copy nullifies the Ogre Ransomware attack, allowing computer users to recover their files without having to pay the Ogre Ransomware ransom. In fact, if enough computer users have backup copies of their files, these attacks will die away eventually since they would no longer be profitable.
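As an added example (not code from the original article or from any vendor tool), the following Python script helps with backup-based recovery: it inventories files carrying the appended '.ogre' extension, recovers each original file name, and reports the earliest modification time so a backup taken before that moment can be chosen. The function names and sample tree are constructed for illustration, and using the modification time as the time a file was encrypted is an assumption.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

MARKER = ".ogre"  # extension the article says is appended to encrypted file names


def find_marked_files(root):
    """Return (path, original_name, mtime) for files ending in MARKER, oldest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            # Appended marker: "report.docx.ogre" -> original "report.docx"
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append((path, name[: -len(MARKER)], mtime))
    return sorted(hits, key=lambda h: h[2])


def summarize(root):
    """Count marked files and derive the restore cutoff (earliest mtime, UTC).

    Assumption: encrypting a file rewrites it, so its mtime approximates when
    it was hit. Backups taken before the cutoff predate the first marked file.
    """
    hits = find_marked_files(root)
    cutoff = datetime.fromtimestamp(hits[0][2], tz=timezone.utc) if hits else None
    return {"count": len(hits), "cutoff": cutoff,
            "originals": [orig for _path, orig, _mtime in hits]}


if __name__ == "__main__":
    # Constructed sample tree (not real victim data) so the example runs offline.
    sample = [("report.docx.ogre", 1_500_000_600),
              ("photo.jpg.ogre", 1_500_000_000),
              ("notes.txt", 1_400_000_000)]
    with tempfile.TemporaryDirectory() as tmp:
        for name, ts in sample:
            p = Path(tmp) / name
            p.write_bytes(b"sample")
            os.utime(p, (ts, ts))
        print(summarize(tmp))
```

Run it against a mounted copy of the affected disk rather than the live system, and treat the cutoff as an estimate, since file timestamps can be altered.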

If you do not have backup copies of your files, it may not currently be possible to restore the encrypted files. However, malware analysts strongly advise against paying the Ogre Ransomware ransom. Paying does not guarantee that the con artists will deliver the means to recover the affected files and may, in fact, prompt them to ask for more money or target your computer for future attacks. Furthermore, paying the Ogre Ransomware ransom, even if it results in the recovery of your files, will allow these con artists to continue creating ransomware Trojans like this one and claiming more victims.
