OnyxLocker Ransomware

OnyxLocker Ransomware Description

Malware analysts have uncovered yet another ransomware threat in the wild. This brand-new file-encrypting Trojan is called the OnyxLocker Ransomware. It is likely that the creators of this threat originate from the Russian Federation as the ransom note has versions in Russian and English. It appears that the OnyxLocker Ransomware does not belong to any of the popular ransomware families, and its creators may have built it from scratch.

Propagation and Encryption

The most commonly used infection vectors for ransomware threats include spam emails containing infected attachments, torrent trackers, bogus application downloads and updates, and pirated copies of popular software and media. Like most threats of this type, the OnyxLocker Ransomware encrypts all the data it can reach to cause maximum damage. The more files the threat locks, the more likely it is that the user will consider paying the ransom fee demanded.

The OnyxLocker Ransomware applies a complex encryption algorithm to lock the targeted data. Upon encrypting a file, it appends a new extension to the filename: '.кристина'. The extension is the Russian spelling of the name 'Christina'. For example, a file originally named 'snowy-field.mp3' will be renamed to 'snowy-field.mp3.кристина'.

The Ransom Note

Similar to most ransomware threats, the OnyxLocker Ransomware drops a ransom note on the user's desktop. The name of the file containing the attackers' ransom message is 'Read-me!!! 0.txt'. The first half of the note is written entirely in Russian, while the second half is in English. In the note, the attackers inform the victim that they have locked all their data. The authors of the OnyxLocker Ransomware give the user an ultimatum: if the user does not get in touch with the attackers within 12 hours of the attack taking place, recovering the encrypted data will be impossible. An email address is provided as a means of contacting the creators of the OnyxLocker Ransomware: 'crypt@ctemplar.com'.
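As an added example (not part of the original write-up or of any vendor tool), the Python triage script below walks a directory tree for the two file-name indicators described above, the '.кристина' extension and the 'Read-me!!! 0.txt' note, and reports each hit with its original file name and the earliest modification time seen. The function names and the tolerance for letter case and trailing dots are assumptions of this example.

```python
import os
import sys
import unicodedata

# Indicators as given in the description above.
ENCRYPTED_SUFFIX = ".кристина"
RANSOM_NOTE_NAME = "Read-me!!! 0.txt"

def _norm(name):
    # Case-fold so '.КРИСТИНА' also matches; NFC is a general precaution
    # for non-ASCII names. Trailing dots/spaces are dropped (assumption:
    # Windows ignores them, so they should not defeat the match).
    return unicodedata.normalize("NFC", name).casefold().rstrip(". ")

def classify(filename):
    """Return ('encrypted', original_name), ('ransom_note', None) or None."""
    n, suffix = _norm(filename), _norm(ENCRYPTED_SUFFIX)
    if n.endswith(suffix) and len(n) > len(suffix):
        stem = unicodedata.normalize("NFC", filename).rstrip(". ")
        return ("encrypted", stem[: -len(ENCRYPTED_SUFFIX)])
    if n == _norm(RANSOM_NOTE_NAME):
        return ("ransom_note", None)
    return None

def scan(root):
    """Walk root and collect indicator hits plus the earliest hit mtime."""
    report = {"encrypted": [], "ransom_notes": [], "earliest_mtime": None}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            hit = classify(name)
            if hit is None:
                continue
            path = os.path.join(dirpath, name)
            if hit[0] == "encrypted":
                report["encrypted"].append((path, hit[1]))
            else:
                report["ransom_notes"].append(path)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or unreadable; hit is still recorded
            if report["earliest_mtime"] is None or mtime < report["earliest_mtime"]:
                report["earliest_mtime"] = mtime
    return report

if __name__ == "__main__":
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, original in result["encrypted"]:
        print(f"ENCRYPTED  {path}  (was: {original})")
    for path in result["ransom_notes"]:
        print(f"NOTE       {path}")
    print("earliest hit mtime (epoch):", result["earliest_mtime"])
```

The earliest modification time among the hits gives a rough lower bound on when encryption started, which helps when deciding which backup or snapshot predates the incident.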

Do not trust the promises of cybercriminals. Most of the users who opt to pay the ransom fee are left empty-handed when the attackers fail to deliver on their promises. This is why you should consider investing in a reputable anti-spyware solution that will keep your system safe.
