
Orion Ransomware

By GoldSparrow in Ransomware

Malware experts in the field of ransomware have spotted a new data-locking Trojan. It is called the Orion Ransomware. When cybersecurity researchers studied this threat, they concluded that it is a variant of the Major Ransomware.

It is not yet known with any certainty which propagation method is used in the campaigns spreading the Orion Ransomware. It is, however, believed that the cybercriminals who created the Orion Ransomware might be spreading it via emails that contain corrupted attached files, bogus software updates and infected pirated applications.

When the Orion Ransomware infects a system, it starts the attack by scanning it. The goal is to locate the files that will then be encrypted. Once the scan is completed successfully, the encryption process is triggered. Once a file is locked by the Orion Ransomware, its filename is altered: the Orion Ransomware adds a '.<14 NUMBERS>' extension to the newly locked files. Then the Orion Ransomware drops a file called 'READ_ME.orion,' which serves as the threat's ransom note. Naming ransom notes in all caps is a common approach among cybercriminals, used to ensure the victim sees their message. In the ransom note, the attackers give out three email addresses where they can be contacted – '', '' and ''
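The two file-system indicators described above (the '.<14 NUMBERS>' extension and the 'READ_ME.orion' note) can be checked for with a short triage script. This is an added example, not code from the original write-up; it assumes '14 NUMBERS' means 14 decimal digits, and the function names, grading labels and `min_locked` threshold are illustrative.

```python
import os
import re
import sys

NOTE_NAME = "read_me.orion"            # ransom note name from the write-up, lowercased
LOCKED_EXT = re.compile(r"\.\d{14}$")  # assumption: '<14 NUMBERS>' = 14 decimal digits

def scan_tree(root):
    """Return {directory: {"note": bool, "locked": [filenames]}} for every
    directory under root that holds at least one of the two indicators."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if LOCKED_EXT.search(f))
        note = any(f.lower() == NOTE_NAME for f in files)
        if locked or note:
            hits[dirpath] = {"note": note, "locked": locked}
    return hits

def triage(hits, min_locked=5):
    """Grade each directory. A 14-digit suffix alone also matches timestamped
    backups (name.YYYYMMDDhhmmss), so it only rates 'review' or 'low' unless
    the ransom note is present somewhere in the scanned tree."""
    note_seen = any(h["note"] for h in hits.values())
    verdicts = {}
    for path, h in hits.items():
        if h["note"] and h["locked"]:
            verdicts[path] = "high"      # note and renamed files side by side
        elif h["note"] or (note_seen and h["locked"]):
            verdicts[path] = "medium"    # one indicator here, the other elsewhere
        elif len(h["locked"]) >= min_locked:
            verdicts[path] = "review"    # many matches, no note: check by hand
        else:
            verdicts[path] = "low"
    return verdicts

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in sorted(triage(scan_tree(root)).items()):
        print(f"{verdict:7} {path}")
```

Run it against a mounted copy or a read-only share rather than the live system, and treat 'review' and 'low' results as leads to confirm, not as detections.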

We strongly recommend that you stay away from cyber crooks. Such people are known for their dishonesty and lack of scruples. It is not at all uncommon for them to lie to their victims, take their money, and end up not holding up their end of the deal. Instead, you should download and install a legitimate anti-spyware tool.
