Omerta Ransomware
The Omerta Ransomware is a file-locking Trojan that encrypts or corrupts your documents, pictures, audio, and other media so that they will not open. Infections also are identifiable through the significant changes to filenames and the Notepad ransoming message that the Omerta Ransomware uses for selling its threat actor's unlocking service. PC users should attempt all other data recovery strategies before considering a ransom and use anti-malware products as appropriate for removing the Omerta Ransomware or protecting their computers preemptively.
A Trojan that Hides the Names of Its 'Victims'
A file-locking Trojan whose encryption attacks bears some of the hallmarks of the Scarab Ransomware family is just becoming identifiable, although malware analysts have yet to confirm the relationship with that family in more than a cosmetic sense. Besides the expected dangers of blocking media and demanding money for undoing its attack, the Omerta Ransomware also causes extra issues for anyone trying to ascertain the damages. Unlike most Trojans of its classification, the Omerta Ransomware overwrites the names of every file that it locks down completely.
The Omerta Ransomware doesn't use the traditional pattern of Base64-based encoding on filenames that it locks, and, instead, overwrites the names according to what malware experts are estimating is a unique cipher to this threat. Although this makes which files are being locked non-distinguishable from one another, relatively the Omerta Ransomware also adds two, relatively coherent extensions. One contains the threat actor's free e-mail address for negotiating a ransom, and the second has the '.omerta' string.
The encryption method in use for blocking all of these files is not known yet, although most file-locking Trojans similar to the Omerta Ransomware utilize some form of AES or Rijndael. The Omerta Ransomware also creates a text note for the victim that offers a file-unlocking decryption service in return for a Bitcoin payment of an unrevealed amount. Most of this note, except for the contact details and the ID number (which follows a similar format to the renaming function) is a copy-pasted effort from old versions of the Scarab Ransomware.
The Safe Way to Break a Digital Code of Silence
Some members of the Scarab Ransomware family can have any locked content unlocked through free software available to the public. However, this solution isn't always a possibility, and the Omerta Ransomware may only resemble that family's numerous variants superficially. A robust, network-segregated and regularly-updated backup storage plan is the best protection against file-locking Trojans like the Omerta Ransomware.
Malware analysts are seeing e-mail and brute-force attacks against bad passwords becoming regularly notable infection vectors for different Trojan campaigns that block files for money. Such attacks may disguise the Omerta Ransomware or its installers as workplace documents, news articles, delivery notifications, or other, non-hostile downloads. However, updated brands of anti-malware software can identify most of these threats on sight and should delete the Omerta Ransomware before it can lock any files, which is an attack that, typically, runs without alerting the user with any symptoms.
The Omerta Ransomware adds extra wrinkles into the mix for any compromised PC user who's trying to determine which documents and other media are in harm from its attacks. While this may be a ransom-provoking tactic, any changes to filenames should be irrelevant, in the face of a good backup.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.