
Onion Ransomware

First Seen: August 27, 2015
Last Seen: September 16, 2023
OS(es) Affected: Windows

The Onion Ransomware is a later, improved version of the infamous CTB-Locker Ransomware. Other names for the Onion Ransomware include Citroni, and it is sometimes grouped with the various CryptoLocker variants. Like most encryption ransomware, the Onion Ransomware takes over a computer, encrypts the victim's files and then demands a ransom in exchange for the decryption key.

The Improvements Made to the Onion Ransomware

The Onion Ransomware is also known as CTB-Locker, short for Curve-Tor-Bitcoin Locker: it uses elliptic-curve cryptography to encrypt files, Tor to hide its command-and-control infrastructure, and Bitcoin for ransom payment. The 'Onion' name refers to Tor's onion routing, which conceals the servers behind the attack; combined with Bitcoin payments, this makes it difficult for PC security researchers to pinpoint the origin of the Onion Ransomware attacks or take the infrastructure down. At the time of its discovery, malware analysts considered the Onion Ransomware one of the most advanced encryptors in circulation. The latest version introduced several upgrades: victims may decrypt five of their files as a 'trial' without paying the ransom, the ransom note is also shown in three new languages (German, Italian and Dutch), and the malware connects to Tor in a variety of new ways.

Protecting Your Computer from the Onion Ransomware

The best way to protect your computer from encryption ransomware attacks is to keep a current backup of all your data on an external device or in the cloud. Keep that backup disconnected, or otherwise not writable from the protected computer, because encryption ransomware will also encrypt any mounted drive or synced share it can reach. A strong security program, fully updated, and careful browsing and email habits are also essential parts of protecting your computer from these types of attacks. Paying the Onion Ransomware ransom does not guarantee that you will receive the decryption key, and it funds the people responsible for the Onion Ransomware attacks so that they can continue their operations.

Recognizing Onion Ransomware Infections

Encryption ransomware infections have grown in number in recent years. The Onion Ransomware can be distinguished from its competitors by its characteristic ransom notes, which refer to the marker string (MW_ or KK_) that identifies the encrypted files. Onion Ransomware variants tend to demand a ransom of three to four Bitcoin. The Onion Ransomware tends to be delivered by backdoor Trojans that arrive as corrupted email attachments. Two detection names associated with Onion Ransomware attacks are Backdoor.Win32.Hlux and HEUR:Trojan.Win32.Generic; note that the latter is a generic heuristic detection rather than the name of a specific malware family, so on its own it does not identify the dropper involved.

Below is a sample of the text of an Onion Ransomware ransom note, reproduced verbatim including the attacker's spelling errors, since those exact strings are useful for recognizing the infection (these ransom notes tend to change over time, as do details such as the email addresses included). The note's claim that files were encrypted with RSA-1024 is the attacker's statement, not an analysis of the malware, and does not match the elliptic-curve cryptography that the Curve-Tor-Bitcoin name refers to:

    Good day. Your computer has been locked by ransomware, your personal files are encrypted and you have unfortunately "lost" all your pictures,
    files and documents on the computer. Your important files encryption produced on this computer: videos, photos, documents, etc.
    Encryption was produced using unique public key RSA-1024 generated for this computer. To decrypt files you need to obtain the private key.
    All encrypted files contain MW_
    Your number: [edited]
    To obtain the program for this computer, which will decrypt all files, you need to pay
    3 bitcoins on our bitcoin address [edited] (today 1 bitcoin was 260 USA dollars). Only we and you know about this bitcoin address.
    You can check bitcoin balanse here -[edited]
    After payment send us your number on our mail and we will send you decryption tool (you need only run it and all files will be decrypted during 1...3 hours)
    Before payment you can send us one small file (100..500 kilobytes) and we will decrypt it - it's your garantee that we have decryption tool. And send us your number with attached file
    We dont know who are you. All what we need - it's some money.
    Don't panic if we don't answer you during 24 hours. It means that we didn't received your letter (for example if you use or
    it can block letter, SO DON'T USE HOTMAIL.COM AND OUTLOOK.COM. You need register your mail account in (it will takes 1..2 minutes) and write us again)
    You can use one of that bitcoin exchangers for transfering bitcoin.
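The indicators this section lists (the MW_ and KK_ markers and the wording of the note above) can be turned into a simple read-only triage scan of a suspect machine or a mounted disk image. The following Python script is an added example, not code from this threat database or from the malware's analysts. It assumes that the marker may appear either as a file-name prefix or as the first bytes of a file's content, because the page does not say where the marker is placed, and it requires two of the note's phrases to co-occur before flagging a file as a ransom note; the sample files it creates are constructed for the demonstration, not real artifacts:

```python
# Added example (not code from the page or its authors): a read-only triage
# scan for the Onion Ransomware indicators described above. Assumptions,
# labelled here and in the lead-in: the MW_/KK_ markers are checked both as a
# file-name prefix and as the first bytes of file content, because the page
# does not say where the marker is placed; the ransom-note phrases are taken
# from the note quoted above, and two of them must co-occur to count as a hit.
import os
import tempfile
from dataclasses import dataclass, field

MARKERS = ("MW_", "KK_")
NOTE_PHRASES = (
    b"Your computer has been locked by ransomware",
    b"All encrypted files contain",
    b"we will send you decryption tool",
)
HEADER_BYTES = 4096  # only the start of each file is read; nothing is modified


@dataclass
class Hit:
    path: str
    reasons: list = field(default_factory=list)


def inspect_file(path):
    """Return the reasons a file looks like an Onion artifact ([] if none)."""
    reasons = []
    name = os.path.basename(path)
    for marker in MARKERS:
        if name.startswith(marker):
            reasons.append(f"name prefix {marker}")
    try:
        with open(path, "rb") as fh:
            head = fh.read(HEADER_BYTES)
    except OSError:
        return reasons  # unreadable (locked, permissions): report name hits only
    for marker in MARKERS:
        if head.startswith(marker.encode()):
            reasons.append(f"content marker {marker}")
    if sum(1 for phrase in NOTE_PHRASES if phrase in head) >= 2:
        reasons.append("ransom note text")
    return reasons


def scan_tree(root):
    """Walk root and collect every file with at least one indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            reasons = inspect_file(path)
            if reasons:
                hits.append(Hit(path, reasons))
    return hits


def build_sample_tree(root):
    """Constructed sample data (not real artifacts) to exercise the scanner."""
    samples = {
        "MW_report.docx": b"\x00" * 64,        # marker in the file name
        "notes.txt": b"KK_" + b"\x7f" * 61,    # marker at the start of content
        "DECRYPT_FILES.txt": (b"Good day. Your computer has been locked by ransomware, "
                              b"your personal files are encrypted.\r\n"
                              b"All encrypted files contain MW_\r\n"),
        "readme.txt": b"Quarterly figures attached.\r\n",  # clean control file
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Scan the constructed tree; returns [(file name, reasons), ...] sorted by name."""
    root = build_sample_tree(tempfile.mkdtemp(prefix="onion-triage-"))
    return sorted((os.path.basename(h.path), h.reasons) for h in scan_tree(root))


if __name__ == "__main__":
    for name, reasons in demo():
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a mounted image or from read-only media on the affected machine; the scan never writes to the tree it inspects. A hit is a lead, not a verdict: the marker prefixes are short strings that can occur in unrelated files, so confirm each flagged file by hand before taking any response action.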

