EnigmaSoft Threat Scorecard
| Threat Level: | 80 % (High) |
| First Seen: | May 16, 2017 |
| Last Seen: | January 2, 2022 |
The OnyonLock Ransomware is a ransomware Trojan that PC security researchers first observed in May 2017. Like most ransomware Trojans, the OnyonLock Ransomware is designed to take the victims' data hostage in exchange for a ransom payment. To do this, it uses a strong encryption algorithm to encrypt the victim's files, making them inaccessible. It then displays a ransom note demanding that the victim pay a large amount of money for the decryption software that would allow the victim to recover the affected files. The OnyonLock Ransomware and similar Trojans are not designed to collect data but, rather, to extort computer users. The OnyonLock Ransomware is most commonly delivered through spam email attachments. These attachments may take the form of text or PDF files that have macros enabled, which allows them to download and install the OnyonLock Ransomware onto the computer user's PC.
The Bitter Effect of the OnyonLock Ransomware on Your Files
The files encrypted in an OnyonLock Ransomware attack are easy to recognize because this ransomware Trojan changes their file extension, adding the string '.onyon' to the end of each affected file's name. In its attack, the OnyonLock Ransomware targets user-generated files. These may include media files such as videos or audio files, images, and files generated by software such as Microsoft Word, Libre Office or Adobe Photoshop. The OnyonLock Ransomware uses a strong encryption method that involves both the AES and RSA cryptographic algorithms to make the victim's files inaccessible. It encrypts files on all local drives, including network storage and external memory devices connected to the infected computer. The OnyonLock Ransomware also deletes the Windows System Restore points and the Shadow Volume Copies, both of which could otherwise help computer users recover the affected files.
Why the OnyonLock Ransomware Demands a Ransom Payment
After encrypting the victim's files, the OnyonLock Ransomware will display its ransom note. This ransom message is contained in a file named '!#_DECRYPT_#!.inf' that is opened with the infected computer's default text viewer. The following message is contained in the OnyonLock Ransomware ransom note:
'All your files have been encrypted due to a security problem with your PC.
If you want to restore them, write us to the e-mail: firstname.lastname@example.org
You have to pay for decryption in Bitcoins. The price depends on now fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
FREE DECRYPTION AS GUARANTEE
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information and their total size must be less than 10Mb
How to obtain Bitcoins
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price https://localbitcoins.com/buy_bitcoins
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 3 days - your key nas been deleted and you cant decrypt your files
Your ID: [RANDOM CHARACTERS]'
Dealing with the OnyonLock Ransomware Infection
Malware researchers counsel computer users to refrain from contacting the people responsible for the OnyonLock Ransomware attack. Paying the OnyonLock Ransomware ransom may not lead to the return of the affected files, and it has the added effect of financing the con artists' other activities and the further development and release of OnyonLock Ransomware variants. The best protection against the OnyonLock Ransomware and other ransomware Trojans is the use of good file backups. Computer users who keep backup copies of all their files can recover from an OnyonLock Ransomware attack by deleting the affected files and restoring them from the backup copies. The OnyonLock Ransomware infection itself can be removed with a reliable anti-virus application.
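As an added example (not EnigmaSoft's code), the read-only Python sketch below scopes an incident using the two indicators this page names, the '.onyon' suffix and the '!#_DECRYPT_#!.inf' note, and pairs each encrypted file with the backup copy that should replace it. The function names, the directory layout and the assumption that the backup tree mirrors the affected tree are hypothetical.

```python
import os
import sys
from pathlib import Path

ENCRYPTED_SUFFIX = ".onyon"        # suffix appended to affected files (from this page)
RANSOM_NOTE = "!#_DECRYPT_#!.inf"  # ransom note file name (from this page)


def scan_tree(root):
    """Walk root; return (encrypted->original pairs, note paths, untouched files)."""
    encrypted, notes, untouched = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The original name is the encrypted name minus the appended suffix.
                encrypted.append((path, path.with_name(name[:-len(ENCRYPTED_SUFFIX)])))
            else:
                untouched.append(path)
    return sorted(encrypted), sorted(notes), sorted(untouched)


def restore_plan(root, backup_root):
    """Pair every encrypted file with the backup copy that should replace it."""
    # Assumption: backup_root mirrors the directory layout of root.
    root, backup_root = Path(root), Path(backup_root)
    plan = []
    for enc_path, original in scan_tree(root)[0]:
        candidate = backup_root / original.relative_to(root)
        plan.append({
            "encrypted": enc_path,
            "restore_to": original,
            # None marks a file with no backup copy: data at risk of loss.
            "backup": candidate if candidate.is_file() else None,
        })
    return plan


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical paths): python triage.py <affected_root> <backup_root>
    for item in restore_plan(sys.argv[1], sys.argv[2]):
        status = item["backup"] or "NO BACKUP FOUND"
        print(f"{item['restore_to']} <- {status}")
```

The script only reads the file system; deleting the encrypted copies and copying the backups into place remain separate, deliberate steps.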