
One Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 258
First Seen: April 6, 2017
Last Seen: January 29, 2023
OS(es) Affected: Windows

In 2017, there was a marked increase in ransomware Trojan infections. The One Ransomware is just one of the many ransomware Trojans that appeared in April 2017, with numerous new infections appearing each day. The One Ransomware carries out an attack that is typical of these threats. It encrypts its victim's files using a strong encryption algorithm, making it impossible to recover the files without a decryption key (which the con artists hold in their possession). The extortionists demand the payment of a large ransom fee in exchange for the decryption key needed to recover the encrypted files. Computer users should refrain from paying the One Ransomware ransom. There is no reason to believe that the people responsible for the One Ransomware attack will deliver the decryption key and, even if they do, victims often report reinfection soon after, requiring additional large ransom payments. These payments allow the con artists to continue financing their ransomware activities, prompting the release of new ransomware variants each day.

The One Ransomware is Just an Ordinary Ransomware

The most common source of the One Ransomware and similar threat infections is spam email attachments. Con artists distribute the One Ransomware executable by delivering corrupted documents to victims in spam email messages that use social engineering to trick inexperienced computer users into opening the attachment. Once the victim opens the file, which often appears to be an innocuous text document or PDF file, a malicious macro is executed, which downloads and installs the One Ransomware on the victim's computer.

The One Ransomware attack itself is typical of these attacks. The One Ransomware will search for certain file types and encrypt them using a combination of the RSA and AES encryption algorithms. The One Ransomware will add a new file extension to each affected file. Due to the strength of the One Ransomware encryption, the files that have been encrypted in this attack are unrecoverable with current technology. When the victim's files are encrypted, the One Ransomware will display a ransom note meant to threaten the victims so that they will pay a large ransom. The One Ransomware displays its ransom note in Portuguese:

'Seus arquivos foram criptografados.
Essa sua chave: *****
Para recupera-los entre em contato pelo nosso email: one@proxy.tg enviando sua chave.
Responderemos seu email em at 24h.'

The message simply states that the victim's files were encrypted. The victim is assigned a code and instructed to send this code to the email address listed above. The One Ransomware ransom note uses an icon that is very similar to the Gmail icon, which could lead inexperienced computer users to believe that nothing abnormal is happening. The message goes on to say that the con artists will respond to the victim's email within 24 hours. Their response will contain a ransom demand, asking the victim to pay a certain amount (which may be based on the severity of the attack and the profile of the target). Ransom payments in attacks similar to the One Ransomware tend to range between 0.5 Bitcoin and 1.5 Bitcoin ($600 and $1800 USD).
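As an added triage example (not part of the original article or of any vendor tool), the Python script below searches small files under a directory for the contact address and phrases from the note quoted above, tolerating UTF-16 encoding, accents, case and line-break differences. It assumes the note text also exists as a file on disk, which the article does not state; the size limit, function names and sample key are illustrative.

```python
import os
import unicodedata

# Indicators from the ransom note quoted above, lowercase and without accents.
INDICATORS = ("one@proxy.tg", "seus arquivos foram criptografados",
              "enviando sua chave")
MAX_BYTES = 64 * 1024  # assumption: a ransom note is a small text file
# Constructed sample: the note wording from this page with a made-up key.
SAMPLE_NOTE = ("Seus arquivos foram criptografados.\r\nEssa sua chave: TEST-0000\r\n"
               "Para recupera-los entre em contato pelo nosso email: "
               "one@proxy.tg enviando sua chave.\r\n")

def decode_best(data: bytes) -> str:
    """Decode note-sized text; Windows tools often write UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    try:
        return data.decode("utf-8-sig")
    except UnicodeDecodeError:
        return data.decode("cp1252", errors="replace")

def normalize(text: str) -> str:
    """Lowercase, drop accents and collapse whitespace so variants still match."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(plain.casefold().split())

def match_note(text: str) -> list:
    """Return the indicators found in text, in INDICATORS order."""
    norm = normalize(text)
    return [i for i in INDICATORS if i in norm]

def scan_tree(root: str) -> dict:
    """Map each small file under root to the indicators found in it."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    hits = match_note(decode_best(fh.read()))
            except OSError:
                continue  # locked or unreadable file: skip, keep scanning
            if hits:
                findings[path] = hits
    return findings
```

A hit on the contact address alone is worth escalating; the phrases on their own can appear in unrelated Portuguese text.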

Dealing with a One Ransomware Infection

Malware researchers strongly advise computer users to refrain from paying the One Ransomware ransom. Instead, they should remove the One Ransomware infection itself with a reliable security program that is fully up-to-date. Once the One Ransomware has been removed, the victim can restore the affected files by deleting the encrypted versions and replacing them with backup copies of the affected files. This is why having backup copies of all files is such a fundamental part of ensuring that your machine is protected against these attacks. With file backups, you take all power out of the con artists' hands, since you no longer have any reason to pay the ransom.
