The OVO Ransomware is a new threatening variant belonging to the infamous Dharma Ransomware family. Although the OVO Ransomware doesn't display any major improvements over the typical Dharma Ransomware threat, it is still a powerful malware that can lock users out from accessing their files. The encryption algorithm used by the threat affects a wide range of popular file types including MS Office docs, PDFs, images, photos, audio and video files, databases, archived, etc.
Every encrypted file will have its name modified significantly. The threat will append to the original file name an ID string unique for the victim, followed by an email address under the control of the hackers, and finally '.OVO' as a new extension. The email is 'email@example.com.' Following the typical Dharma Ransomware variants behavior, after completing its encryption routine, the OVO Ransomware will proceed to drop its ransom note in two different forms - a pop-up window displaying the main message from the hackers and text files named 'FILES ENCRYPTED.txt' that contains a truncated version of the note.
According to the instructions found in the pop-up window, victims of the OVO Ransomware will have to pay an unspecified amount to the cybercriminals if they want to receive the decryption key needed to potentially restore their files. As communication channels, the hackers provide two email addresses. The main email is the same as the one placed in the file names - 'firstname.lastname@example.org.' If users do not receive a response within 12 hours, they are directed towards the secondary email at 'email@example.com.'
The full text of the ransom note is:
'YOUR FILES ARE ENCRYPTED
Don't worry, you can return all your files!
If you want to restore them, follow this link: email firstname.lastname@example.org YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:email@example.com
Do not rename encrypted files.
Do not try to decrypt your data using third-party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
The note in the text file is:
'all your data has been locked us
You want to return?
write email firstname.lastname@example.org or email@example.com.'