OVO Ransomware

OVO Ransomware Description

The OVO Ransomware is a new threatening variant belonging to the infamous Dharma Ransomware family. Although the OVO Ransomware doesn't display any major improvements over the typical Dharma Ransomware threat, it is still a powerful malware that can lock users out from accessing their files. The encryption algorithm used by the threat affects a wide range of popular file types including MS Office docs, PDFs, images, photos, audio and video files, databases, archived, etc. 

Every encrypted file will have its name modified significantly. The threat will append to the original file name an ID string unique for the victim, followed by an email address under the control of the hackers, and finally '.OVO' as a new extension. The email is 'dable19@mail.fr.' Following the typical Dharma Ransomware variants behavior, after completing its encryption routine, the OVO Ransomware will proceed to drop its ransom note in two different forms - a pop-up window displaying the main message from the hackers and text files named 'FILES ENCRYPTED.txt' that contains a truncated version of the note. 

According to the instructions found in the pop-up window, victims of the OVO Ransomware will have to pay an unspecified amount to the cybercriminals if they want to receive the decryption key needed to potentially restore their files. As communication channels, the hackers provide two email addresses. The main email is the same as the one placed in the file names - 'dable19@mail.fr.' If users do not receive a response within 12 hours, they are directed towards the secondary email at 'airbusbtc@goat.si.'

The full text of the ransom note is:

'YOUR FILES ARE ENCRYPTED

Don't worry, you can return all your files!

If you want to restore them, follow this link: email dable19@mail.fr YOUR ID -

If you have not been answered via the link within 12 hours, write to us by e-mail:airbusbtc@goat.si

Attention!

Do not rename encrypted files.

Do not try to decrypt your data using third-party software, it may cause permanent data loss.

Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

The note in the text file is:

'all your data has been locked us

You want to return?

write email dable19@mail.fr or airbusbtc@goat.si.' 

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.