The OhNo! Ransomware is an encryption ransomware Trojan. The OhNo! Ransomware, like other, similar threats, is designed to encrypt data on the victim's computer to demand a ransom payment. The OhNo Ransomware takes hostage the victim’s data until the victim pays for the decryption key necessary to recover the affected files. The OhNo! Ransomware was first observed on August 30, 2017, and poses a real threat to the victims' data.
Table of Contents
How the OhNo! Ransomware may Infect a Computer
The OhNo! Ransomware was first discovered on an online anti-virus platform and seems to unfinished. Con artists may submit unfinished versions of their threats to these platforms to test whether they can evade the latest anti-virus technology. The version of the OhNo! Ransomware analyzed by PC security analysts seems not to have an encryption algorithm that is functional, but it is likely that this will be implemented in the full version of the OhNo! Ransomware. The OhNo! Ransomware's presence is easy to be identified because it will rename files encrypted by the attack by adding the file extension '.ohno!' to the end of each affected file's name.
The Modus Operandi of the OhNo! Ransomware
PC security analysts have analyzed the OhNo! Ransomware's code and have determined that the OhNo! Ransomware targets a small range of file types when it infects a computer. However, these are widely used files that can make the victim lose valuable data. The OhNo! Ransomware targets some file types in its attack, which include:
.7z, .bmp, .csv, .dll, .doc, .docx, .exe, .gif, .gz, .jpeg, .jpg, .lnk, .midi, .mp3, .pdf, .png, .ppt, .pptx, .txt, .wav, .wpd, .xlsm, .xlsx, .zip.
The OhNo! Ransomware, in its attack, will encrypt the file types above, threatening the victim with the total loss of the affected data unless the victim agrees to pay a ransom. Most ransomware Trojans that use an attack similar to the OhNo! Ransomware will use AES and RSA encryptions to make the victim's files corrupted irreversibly. Although encryption does not seem to be implemented in the OhNo! Ransomware yet, it will probably not be released to the public without the ability to encrypt victims' data. The OhNo! Ransomware will change the victim's desktop background into an image that seems very similar to the Google Chrome default page after encrypting the victim's files. The OhNo! Ransomware will display a ransom note in a dialog box demanding payment in Monero (XMR). While most ransomware Trojans demand payment in crypto currency, most of them use Bitcoins and threats like the OhNo! Ransomware that demand payment in Monero are still relatively rare. There is the full text of the OhNo! Ransomware ransom note:
'You have been, infected with OhNo! ALL your Documents, Downloads, and Desktop have been Encrypted with a Unique Key to your System. Each Key is a TOTALLY Random Key specific to that Machine. Please Pay 2. XMR to the specified address below and you will receive a Email with your Key. Monero (XMR) is a cryptocurrency based on 100% annoymous transactions. You can find how to purchase Monero by using Google. If you can't figure out how to Buy XMR, you probably shouldn't have a PC.
XMR ADDRESS: [RANDOM CHARCTERS]'
The OhNo! Ransomware demands the payment of 2 Moneros, which is equivalent to 290 USD approximately. PC security researchers advise computer users to avoid paying the OhNo! Ransomware ransom.
Protecting Your Data from Threats Like the OhNo! Ransomware
The best protection against ransomware Trojans like the OhNo! Ransomware is to have the ability to recover your files if they become compromised. The only thing that can guarantee this is to have file backups that can't be reached by the threat. Having file backups, computer users can restore their files without having to resort to paying the OhNo! Ransomware ransom. A good file backup method coupled with a reliable security program that is fully up-to-date is the best protection against the OhNo! Ransomware and other encryption ransomware Trojans.