Onion Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 3,501 |
| Threat Level: | 50 % (Medium) |
| Infected Computers: | 2,985 |
| First Seen: | August 27, 2015 |
| Last Seen: | September 16, 2023 |
| OS(es) Affected: | Windows |
The Onion Ransomware is an improved version of the infamous CTB Locker Ransomware infection. Other names for the Onion Ransomware include Citroni and various CryptoLocker variants. Like most encryption ransomware infections, the Onion Ransomware takes over a computer, encrypting the victim's files and then demanding a ransom for providing the decryption key.
Table of Contents
The Improvements Made to the Onion Ransomware
The Onion Ransomware also abbreviated as CTB-Locker (short for Curve Tor Bitcoin Locker) receives its name because the Onion Ransomware uses Tor in order to protect itself from detection and removal. The use of Tor and Bitcoins in the Onion Ransomware attacks makes it difficult for PC security researchers to pinpoint the origin of the Onion Ransomware attacks. Malware analysts consider that the Onion Ransomware is one of the most advanced encryptors currently active. There are several upgrades in the latest version of the Onion Ransomware. The Onion Ransomware will allow victims to decrypt five of their files as a 'trial' without paying the ransom. The Onion Ransomware also attacks in three new languages (German, Italian and Dutch) and connects to Tor in a variety of new ways.
Protecting Your Computer from the Onion Ransomware
The best way to protect your computer from encryption ransomware attacks is to backup all your data on an external device or the cloud. A strong security program, fully updated, and good browsing habits are all also essential parts of protecting your computer from these types of attacks. However, paying the Onion Ransomware ransom does not guarantee that you will receive the decryption key, and enables the people responsible for the Onion Ransomware attacks to continue carrying out their operations.
Recognizing Onion Ransomware Infections
Encryption ransomware infections have grown in number in recent years. The Onion Ransomware can be distinguished from its competitors because of the characteristic ransom notes the Onion Ransomware uses, which include the prefixes MW_ or KK_. The Onion Ransomware variants tend to require a ransom of three to four Bitcoin. The Onion Ransomware tends to spread using backdoor Trojans that are delivered using corrupted email attachments. Two Trojans that have been associated with the Onion Ransomware attacks. They are Backdoor.Win32.Hlux and HEUR:Trojan.Win32.Generic.
Below there is a sample of the text of an Onion Ransomware ransom note (these ransom notes tend to change, as well as certain information such as the email addresses included):
Good day. Your computer has been locked by ransomware, your personal files are encrypted and you have unfortunately "lost" all your pictures,
files and documents on the computer. Your important files encryption produced on this computer: videos, photos, documents, etc.
Encryption was produced using unique public key RSA-1024 generated for this computer. To decrypt files you need to obtain the private key.
All encrypted files contain MW_
Your number: [edited]
To obtain the program for this computer, which will decrypt all files, you need to pay
3 bitcoins on our bitcoin address [edited] (today 1 bitcoin was 260 USA dollars). Only we and you know about this bitcoin address.
You can check bitcoin balanse here - https://www.blockchain.info/address/[edited]
After payment send us your number on our mail ttk@ruggedinbox.com and we will send you decryption tool (you need only run it and all files will be decrypted during 1...3 hours)
Before payment you can send us one small file (100..500 kilobytes) and we will decrypt it - it's your garantee that we have decryption tool. And send us your number with attached file
We dont know who are you. All what we need - it's some money.
Don't panic if we don't answer you during 24 hours. It means that we didn't received your letter (for example if you use hotmail.com or outlook.com
it can block letter, SO DON'T USE HOTMAIL.COM AND OUTLOOK.COM. You need register your mail account in www.ruggedinbox.com (it will takes 1..2 minutes) and write us again)
You can use one of that bitcoin exchangers for transfering bitcoin.
