OnyonLock Ransomware

OnyonLock Ransomware Description

The OnyonLock Ransomware is a ransomware Trojan that was first observed by PC security researchers on May 2017. The OnyonLock Ransomware, like most ransomware Trojans, is designed to take the victims' data hostage in exchange for a ransom payment. To do this, the OnyonLock Ransomware will use a strong encryption algorithm to encrypt the victim's files, making them inaccessible. The OnyonLock Ransomware will display a ransom note demanding that the victim pays a large amount of money in exchange for the decryption software, which will allow the victim to recover the affected files. The OnyonLock Ransomware and similar Trojans are not designed to collect data but, rather, to extort computer users. The most common way in which the OnyonLock Ransomware is delivered is through the use of spam email attachments. These email attachments may take the form of text or PDF files that have macros enabled, which allows them to download and install the OnyonLock Ransomware onto the computer user's PC.

The Bitter Effect of the OnyonLock Ransomware on Your Files

The files that are encrypted in the OnyonLock Ransomware attack are easy to recognize because this ransomware Trojan will change their file extension, adding the string '.onyon' to the end of each affected file's name. In its attack, the OnyonLock Ransomware targets the user's generated files. These may include media files such as videos or audio files, images, and files generated by software such as Microsoft Word, Libre Office or Adobe Photoshop. The OnyonLock Ransomware will use a strong encryption method that involves both the AES and RSA cryptographic algorithms to make the victim's files inaccessible. The OnyonLock Ransomware will encrypt files on all local drives, including network storage and external memory devices connected to the infected computer. The OnyonLock Ransomware also deletes the Windows System Restore points and the Shadow Volume Copies, both of which could help computer users recover the affected files possibly.

Why the OnyonLock Ransomware Demands a Ransom Payment

After encrypting the victim's files, the OnyonLock Ransomware will display its ransom note. This ransom message is contained in a file named '!#_DECRYPT_#!.inf' that is opened with the infected computer's default text viewer. The following message is contained in the OnyonLock Ransomware ransom note:

'All your files have been encrypted due to a security problem with your PC.
If you want to restore them, write us to the e-mail: decrypter@onyon.su
You have to pay for decryption in Bitcoins. The price depends on now fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information and their total size must be less than 10Mb
How to obtain Bitcoins
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price https://localbitcoins.com/buy_bitcoins
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 3 days - your key nas been deleted and you cant decrypt your files

Dealing with the OnyonLock Ransomware Infection

Malware researchers counsel computer users to refrain from contacting the people responsible for the OnyonLock Ransomware attack. Paying the OnyonLock Ransomware ransom may not lead to the return of the affected files, with the added effect of financing the con artists' other activities and the further development and release of the OnyonLock Ransomware variants. The best protection against the OnyonLock Ransomware and other ransomware Trojans is the use of good file backups. Computer users that use to have backup copies of all files can recover from an OnyonLock Ransomware attack by deleting the affected files and restoring them from backup copies. The OnyonLock Ransomware infection itself can be removed with a reliable anti-virus application.

Infected with OnyonLock Ransomware? Scan Your PC

Download SpyHunter's Spyware Scanner
to Detect OnyonLock Ransomware
* SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 6 + 4 ?