OnyonLock Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 90
First Seen: May 16, 2017
Last Seen: January 2, 2022
OS(es) Affected: Windows

The OnyonLock Ransomware is a ransomware Trojan that was first observed by PC security researchers in May 2017. The OnyonLock Ransomware, like most ransomware Trojans, is designed to take the victims' data hostage in exchange for a ransom payment. To do this, the OnyonLock Ransomware uses a strong encryption algorithm to encrypt the victim's files, making them inaccessible. It then displays a ransom note demanding that the victim pay a large amount of money in exchange for the decryption software, which will allow the victim to recover the affected files. The OnyonLock Ransomware and similar Trojans are not designed to collect data but, rather, to extort computer users. The most common way in which the OnyonLock Ransomware is delivered is through spam email attachments. These email attachments may take the form of text or PDF files that have macros enabled, which allows them to download and install the OnyonLock Ransomware onto the computer user's PC.

The Bitter Effect of the OnyonLock Ransomware on Your Files

The files that are encrypted in the OnyonLock Ransomware attack are easy to recognize because this ransomware Trojan changes their file extension, adding the string '.onyon' to the end of each affected file's name. In its attack, the OnyonLock Ransomware targets user-generated files. These may include media files such as videos or audio files, images, and files generated by software such as Microsoft Word, LibreOffice or Adobe Photoshop. The OnyonLock Ransomware uses a strong encryption method that involves both the AES and RSA cryptographic algorithms to make the victim's files inaccessible. The OnyonLock Ransomware encrypts files on all local drives, including network storage and external memory devices connected to the infected computer. The OnyonLock Ransomware also deletes the Windows System Restore points and the Shadow Volume Copies, both of which could otherwise help computer users recover the affected files.

Why the OnyonLock Ransomware Demands a Ransom Payment

After encrypting the victim's files, the OnyonLock Ransomware will display its ransom note. This ransom message is contained in a file named '!#_DECRYPT_#!.inf' that is opened with the infected computer's default text viewer. The following message is contained in the OnyonLock Ransomware ransom note:

'All your files have been encrypted due to a security problem with your PC.
If you want to restore them, write us to the e-mail:
You have to pay for decryption in Bitcoins. The price depends on now fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information and their total size must be less than 10Mb
How to obtain Bitcoins
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 3 days - your key nas been deleted and you cant decrypt your files'

Dealing with the OnyonLock Ransomware Infection

Malware researchers counsel computer users to refrain from contacting the people responsible for the OnyonLock Ransomware attack. Paying the OnyonLock Ransomware ransom may not lead to the return of the affected files, and it has the added effect of financing the con artists' other activities and the further development and release of OnyonLock Ransomware variants. The best protection against the OnyonLock Ransomware and other ransomware Trojans is the use of good file backups. Computer users who keep backup copies of all their files can recover from an OnyonLock Ransomware attack by deleting the affected files and restoring them from backup copies. The OnyonLock Ransomware infection itself can be removed with a reliable anti-virus application.
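To scope a restore from backup, the two indicators named above (the '.onyon' suffix and the '!#_DECRYPT_#!.inf' note) can be inventoried across a drive. The following Python sketch is an added example, not part of the original entry; the function names and the sample tree are constructed for illustration, and it assumes the suffix is simply appended to the original file name, as described above.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".onyon"          # extension named in this entry
RANSOM_NOTE = "!#_DECRYPT_#!.inf"    # ransom note file name named in this entry


def inventory(root):
    """Walk root and return what a backup restore needs to cover."""
    report = {"encrypted": [], "notes": [], "restore": [], "unreadable": []}

    def on_error(err):
        # Record directories that could not be listed instead of skipping silently.
        report["unreadable"].append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()   # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE.lower():
                report["notes"].append(str(path))
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                report["encrypted"].append(str(path))
                # Assumption: original name = encrypted name minus the appended suffix.
                report["restore"].append(str(path)[: -len(ENCRYPTED_SUFFIX)])
    for key in report:
        report[key].sort()
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    for rel in ("docs/report.docx.onyon", "docs/!#_DECRYPT_#!.inf",
                "pics/photo.JPG.ONYON", "pics/untouched.png"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in inventory(tmp).items():
            print(kind, len(paths))
            for p in paths:
                print("   ", p)
```

The "restore" list gives the original paths to pull from backup, and any entry under "unreadable" marks a directory that still needs a manual check.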

