Threat Database Ransomware OXAR Ransomware

OXAR Ransomware

By GoldSparrow in Ransomware

The OXAR Ransomware is a HiddenTear variant that was released in early July 2017. HiddenTear is an open source ransomware engine that has been responsible for countless attacks since it was released in August 2015 for 'educational purposes.' HiddenTear has since been adapted countless times to carry out effective ransomware attacks worldwide. The OXAR Ransomware is just one of the numerous variants of the OXAR Ransomware that are being released by con artists constantly. The easy availability of the OXAR Ransomware as an open source project has caused it to get to be one of the preferred methods used by the con artists to carry out ransomware attacks.

How the OXAR Ransomware Identifies the Encrypted Files

The OXAR Ransomware may be delivered to victims using corrupted DOCX files, which will be attached to spam email messages. These may use corrupted scripts to download and install the OXAR Ransomware onto the victim's computers. When the victim opens the file, the OXAR Ransomware will be downloaded and installed, then carry out its attack. The OXAR Ransomware infection consists of taking over the victim's computer, scanning the victim's drives and encrypting files with certain file extensions using a strong encryption algorithm. The files encrypted by the OXAR Ransomware attack will be marked with the file extension '.OXR,' which is added to the end of each affected file's name. The OXAR Ransomware will target the following file types in its attack:

.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg,.part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.

The OXAR Ransomware’s Ransom Demand

The main purpose of attacks like the OXAR Ransomware is to generate revenue by demanding a ransom payment from the victim. The OXAR Ransomware displays a ransom note on the infected computer. The full text of the OXAR Ransomware ransom note reads:

'Files successfully encrypted !
What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time.
But if you want to decrypt all your files, you need to pay.
How Do I Pay?
Payment is accepted in Bitcoin only.
Please check the current price of Bitcoin and buy some bitcoins.
And send the correct amount to the address specified in this window.
And specify your client ID and your e-mail adress in the description when you send the payment via
We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!
Do not modify the ".OXR" extension of your encrypted files, it will become unrecoverable
Step one:
Create a portfolio at
Step two:
Buy 100$ USD
Step three:
Send 100$ USD in Bitcoin at 16Vs1Z2yrYBM49GpipN3yz1WaMSYS8xm16
Your working documents, holiday photos, children, videos, and all your valuable documents have been encrypted with a powerful encryption algorithm, follow the instructions given to retrieve the encryption key.

Unfortunately, the files encrypted by the OXAR Ransomware attack are not recoverable without the decryption key. However, PC security experts strongly advise computer users from refraining from paying the OXAR Ransomware ransom amount, since this will only allow its developers to continue creating these attacks. File backups should be used to ensure that your data is protected from the OXAR Ransomware and similar attacks.

SpyHunter Detects & Remove OXAR Ransomware

File System Details

OXAR Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe e7ac76cf349aa111f5a0f0ff0f905417 0
2. file.exe b55a984de9379ebc24ca0a16a321c9cb 0
3. file.exe f7ebfe9a98a578dade2c4af0b1fe3b52 0


Most Viewed