
'.onion File Extension' Ransomware

Posted: April 20, 2017

The '.onion File Extension' Ransomware is a Trojan that holds your local files hostage for ransom payments. The encryption attacks may or may not be reversible by free decryption solutions, although readers can protect their files by backing them up, monitoring vulnerabilities in their network configurations, and avoiding spam e-mails. Always uninstall the '.onion File Extension' Ransomware with a dedicated anti-malware product that can also account for any secondary threats that played a role in the infection of your PC.

A Sharp Aroma Drifting into Your File Directory

Only recently, one of the latest updates to the Dharma Ransomware branch of the Crysis Ransomware family was confirmed to be in active deployment. In spite of the potentially confusing brand labels, the '.onion File Extension' Ransomware is unrelated to the Onion Ransomware of two years ago, although all of these threats use the same broad style of attack.

The '.onion File Extension' Ransomware uses encryption methods such as AES-256 together with asymmetric RSA-2048 to encipher and block your local content. While this Trojan's family doesn't damage the operating system deliberately, your media, such as documents, are routine inclusions in the scope of these file-locking attacks. The filename-changing format continues the family's tradition of appending a generated e-mail address, an ID serial number, and a new extension ('.onion,' in this case) to each file.
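As an added example (not code from the original article or from any vendor tool), a defender-side triage check for the renaming pattern this paragraph describes: it parses names that carry an ID, an e-mail address and the '.onion' extension, recovers the original filename, and flags a listing when several files share that pattern. The exact layout `.id-<hex>.[<mail>].onion`, the sample names and the `example.com` address are assumptions, not values taken from the page.

```python
import re
from typing import Dict, Iterable, NamedTuple, Optional

# Layout of a renamed file. ASSUMED for this example: "<original>.id-<hex>.[<mail>].onion".
# Adjust the pattern to the samples actually observed in your environment.
RENAME_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.id-(?P<id>[0-9A-Fa-f]{8,})"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]"
    r"\.onion$"
)

class EncryptedName(NamedTuple):
    original: str       # filename before the ransomware renamed it
    victim_id: str      # per-victim ID serial number
    contact_email: str  # attacker contact address embedded in the name

def parse_encrypted_name(name: str) -> Optional[EncryptedName]:
    """Return the parsed parts of a renamed file, or None if it does not match."""
    m = RENAME_RE.match(name)
    if not m:
        return None
    return EncryptedName(m["original"], m["id"], m["email"])

def triage_listing(names: Iterable[str], threshold: int = 3) -> Dict[str, object]:
    """Summarise a directory listing; `threshold` or more hits is treated as suspicious."""
    hits = [p for p in (parse_encrypted_name(n) for n in names) if p is not None]
    return {
        "encrypted_count": len(hits),
        "originals": sorted(h.original for h in hits),
        "victim_ids": sorted({h.victim_id for h in hits}),
        "contact_emails": sorted({h.contact_email for h in hits}),
        "suspicious": len(hits) >= threshold,
    }

# Constructed sample listing (not real IoCs): three renamed files plus untouched ones.
SAMPLE_LISTING = [
    "budget.xlsx.id-1A2B3C4D.[contact@example.com].onion",
    "report.docx.id-1A2B3C4D.[contact@example.com].onion",
    "photo.jpg.id-1A2B3C4D.[contact@example.com].onion",
    "readme.txt",
    "notes.txt.onion",  # bare '.onion' without ID/e-mail does not match the pattern
]

if __name__ == "__main__":
    for key, value in triage_listing(SAMPLE_LISTING).items():
        print(f"{key}: {value}")
```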

The Trojan also muddies the waters of its identity, possibly deliberately, by delivering a pop-up ransom message that's designed to look like a component of the Globe Ransomware family. This HTA window relays instructions on buying Bitcoins to get a decryption solution, although the threat actor can take the payment without necessarily providing the victim with his half of the deal.

Preempting the Tears over an '.onion File Extension' Ransomware Tragedy

The '.onion File Extension' Ransomware is most likely spreading in one of two ways preferred by threat actors with experience in the Dharma Ransomware branch of its family. These infection vectors consist of:

  • Weak Remote Desktop Protocol settings can let hackers access your PC remotely and install threats like the '.onion File Extension' Ransomware at will. Compromises of short or simple passwords are most often responsible for RDP attacks, particularly those against business sector entities.
  • E-mail attachments also are well-used methods of distributing Trojans of this type to otherwise difficult-to-access targets. The attached file may disguise itself as a message from a fellow employee or a third-party company, such as a package delivery service.

Free decryption solutions exist for some versions of the Crysis Ransomware family. Despite that possible recovery option, malware analysts strongly encourage blocking the '.onion File Extension' Ransomware's installation and deleting this threat with anti-malware products before it can begin encoding any media.

The '.onion File Extension' Ransomware can easily confuse victims with its wholesale theft of ransom notes from the campaigns of other cyber thieves. Beyond that, its update also shows the increasing interest threat actors are taking both in lying to victims and in providing more engaging kinds of social engineering to part you from your money.
