Malware analysts have uncovered yet another ransomware threat in the wild. This brand-new file-encrypting Trojan is called the OnyxLocker Ransomware. It is likely that the creators of this threat originate from the Russian Federation as the ransom note has versions in Russian and English. It appears that the OnyxLocker Ransomware does not belong to any of the popular ransomware families, and its creators may have built it from scratch.
Propagation and Encryption
The most commonly used infection vectors when it comes to the propagation of ransomware threats are spam emails containing infected attachments, torrent trackers, bogus application downloads and updates, pirated copies of popular software and media, etc. Like most threats of this type, the OnyxLocker Ransomware encrypts all the data it can reach to ensure maximum damage. The more files the threat locks, the more likely it is that the user will consider paying the ransom fee demanded. The OnyxLocker Ransomware applies a complex encryption algorithm to lock the targeted data. Upon encrypting a file, the OnyxLocker Ransomware appends a new extension to the filename: '.кристина'. The extension name means 'Christina' in Russian. For example, once the OnyxLocker Ransomware encrypts a file that was originally named 'snowy-field.mp3', its name will be changed to 'snowy-field.mp3.кристина'.
The Ransom Note
Similar to most ransomware threats, the OnyxLocker Ransomware drops a ransom note on the user's desktop. The name of the file containing the attackers' ransom message is 'Read-me!!! 0.txt'. The first half of the note is written entirely in Russian, while the second half is in English. In the note, the attackers inform the victim that they have locked all their data. The authors of the OnyxLocker Ransomware give the user an ultimatum: if they do not get in touch with the attackers within 12 hours of the attack taking place, recovering the encrypted data will be impossible. There is an email address provided as a means of contacting the creators of the OnyxLocker Ransomware: 'firstname.lastname@example.org'.
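The two file-system indicators described above (the appended '.кристина' extension and the 'Read-me!!! 0.txt' note) are enough to inventory an affected machine. The following triage script is an added example, not part of the original write-up; its function names and the sample tree are constructed, and it assumes the trailing period in the quoted names is sentence punctuation rather than part of the file name.

```python
import os
import tempfile
import unicodedata
from pathlib import Path

# Indicators from the write-up; trailing period assumed not part of the name.
LOCKED_SUFFIX = ".кристина"
NOTE_NAME = "Read-me!!! 0.txt"


def _norm(name):
    # File systems may return decomposed or differently cased Unicode.
    return unicodedata.normalize("NFC", name).casefold()


def triage(root):
    """Walk root; return locked files (with original names) and ransom notes."""
    report = {"locked": [], "notes": [], "scanned": 0}
    suffix, note = _norm(LOCKED_SUFFIX), _norm(NOTE_NAME)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            report["scanned"] += 1
            path = Path(dirpath) / name
            n = _norm(name)
            if n == note:
                report["notes"].append(path)
            elif n.endswith(suffix) and len(n) > len(suffix):
                # The rename only appends the extension, so stripping it
                # recovers the original file name for the inventory.
                original = unicodedata.normalize("NFC", name)[: -len(LOCKED_SUFFIX)]
                report["locked"].append((path, original))
    return report


def demo():
    """Build a constructed sample tree and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Music").mkdir()
        (root / "Desktop").mkdir()
        (root / "Music" / "snowy-field.mp3.кристина").write_bytes(b"\x00")
        (root / "Music" / "untouched.mp3").write_bytes(b"\x00")
        (root / "Desktop" / NOTE_NAME).write_text("constructed placeholder")
        r = triage(root)
        return ([o for _p, o in r["locked"]], [p.name for p in r["notes"]], r["scanned"])


if __name__ == "__main__":
    print(demo())
```

The list of original names gives the scope of what must be restored from backup; the script only reads directory listings and does not modify or decrypt anything.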
Do not trust the promises of cybercriminals. Most of the users who opt to pay the ransom fee required by cyber crooks tend to be left empty-handed when the attackers never deliver on their promises. This is why you should consider investing in a reputable anti-spyware solution that will keep your system safe.