Onyx Ransomware

By GoldSparrow in Ransomware

The Onyx Ransomware first attracted attention from malware researchers in October of 2016, when a large number of spam email messages in Georgian started being used in attacks on computer users. Georgian being an unusual language for such campaigns, the appearance of these spam email messages and their associated ransomware Trojan puzzled many malware researchers. The Onyx Ransomware carries out a screen lock attack, preventing victims from accessing the infected computer. These attacks, which were among the most popular forms of ransomware several years ago, enjoyed a resurgence in the fall of 2016, with numerous variants using a screen locker component appearing in the wild. Part of the popularity of these infections is that they can pretend to be encryption ransomware Trojans, claiming that the victim's files were encrypted to trick inexperienced computer users into paying the ransom. Considering the popularity of encryption ransomware Trojans in recent years, it may be difficult for computer users to tell an Onyx Ransomware infection apart from an encryption ransomware Trojan.

How the Onyx Ransomware may Infect a Computer

It is likely that the Onyx Ransomware is language specific, designed to infect computer users in Georgia. The Onyx Ransomware is very similar to a variety of ransomware Trojans that were very popular in the last decade, which would impersonate the police forces of different countries and scare computer users into believing that their computers were being blocked by the police. In this case, the Onyx Ransomware scares computer users into believing that their computers were locked by an encryption ransomware Trojan of the same sophistication as CryptoWall or Locky. Fortunately for computer users, the Onyx Ransomware is nowhere near as sophisticated as these types of attacks.

A computer that has been attacked by the Onyx Ransomware will not be accessible. When computer users try to log into Windows, a full-screen message in green letters on a black background alerts the victim to the attack. Because the message is written in Georgian, it will look puzzling to computer users outside of Georgia. The Onyx Ransomware's ransom note, translated into English, reads as follows:

'All files are encrypted.
But, do not worry, they will not be destroyed (for now).
You have 24 hours to deliver payment of $100.
Money transfer to a specified account using Bitcoins.
Otherwise, all files are deleted.
Do not turn off the computer and do not try to eliminate me.'

The Onyx Ransomware Message is Full of Lies

There is no truth to the Onyx Ransomware's ransom note: the victim's files have not been encrypted, nor will they be deleted or destroyed. In most cases, computer users can simply bypass the Onyx Ransomware message by restarting the infected computer in Safe Mode. Then, it is simply a matter of using a reliable security program that is fully up-to-date to delete the Onyx Ransomware infection and completely restore access to the victim's files.

The Onyx Ransomware is either under development, or it is the work of an amateur looking to make money quickly by pretending to have created a more sophisticated threat. PC security researchers strongly advise computer users to disregard the Onyx Ransomware's ransom note and remove the infection completely and immediately with a reliable security application. The Onyx Ransomware may be detected under various names and aliases by different security applications. The following are some of the names that different anti-malware programs have assigned to the Onyx Ransomware:

Ransom.the Onyx
Ransom_the OnyxLOCKSCREEN.A

To prevent Onyx Ransomware infections, computer users are advised to protect their computers with a reliable security program, avoid potentially unsafe websites, and handle unsolicited email messages, attachments and links with caution.
