OXAR Ransomware

The OXAR Ransomware is a modified version of Hidden Tear, which encrypts your files and can drop messages asking for ransoms via text, images or pop-ups. While the OXAR Ransomware's data-locking feature is intact, malware researchers can recommend alternatives to paying an extortionist's fee for restoring any encoded content. When possible, you should block and delete the OXAR Ransomware with anti-malware products before it can initiate its encryption attack.

Expanding the Net of Data Attacks for Growing Ransoms

Hidden Tear is a high-yielding collection of Trojans, but not the usual source to look for threats that show evidence of creative features. Most variants of Hidden Tear demonstrate significant variability in nothing more than their ransom notes, which are custom-tailored to different threat actors' preferences. Now, however, malware researchers are finding another HT version, the OXAR Ransomware, which is showing a significantly increased capacity for damaging media.

The OXAR Ransomware uses a similar, AES-based encryption feature as other versions of its family, which encodes the user's media with an algorithm meant to block it until they buy a decryption key. Many versions of Hidden Tear are limited to just barely over twenty different formats of data for encrypting, but the OXAR Ransomware's author has upgraded this function significantly. With a cost in increased footprint and payload duration, the OXAR Ransomware attacks seventy-two different types of files, almost all of which are general-purpose formats, such as WAV, HTML, MP3, BAT and JPG.

Although this expansion of what content to attack is relatively original, the OXAR Ransomware's ransom instructions are a copy of previous resources from other threat campaigns primarily. This HTML-based pop-up asks for 100 USD in Bitcoins and includes links to relevant websites for further information. Like most cryptocurrencies, Bitcoin makes consent from the second party a prerequisite for a refund, which can enable the threat actor to take this money without giving the victim a code to the decryptor.

Getting out of a Lock-In that's Flimsier than Obvious

The OXAR Ransomware should be compatible with previous decryption solutions available for Hidden Tear-based Trojans, but malware researchers also discovered another flaw for helping users recover. Currently, the OXAR Ransomware uses the fixed password of 'key' for its bundled decryption module. Entering that code into the window should unlock all of your encrypted files. If this Trojan is updated to correct the issue its victims can continue using both third-party decryption software or backups.

System infiltration from the OXAR Ransomware can arise through any of several exploits:

• E-mail content may disguise itself as safe to trick a victim into opening it and enabling exploits that drop and run this threat automatically.
• Con artists can gain access to your login credentials through methods such as brute-forcing and, then, install the OXAR Ransomware by manual methods.
• A website can host exploit kit packages that scan the PC for vulnerabilities and let them initiate drive-by-download attacks with either no consent or misinformed consent from the user.

The OXAR Ransomware hasn't received any massive updates to protect it from detection methods that are equally workable against other Hidden Tear clones. Most anti-malware programs are detecting and removing the OXAR Ransomware at acceptable rates. If your anti-malware protection is active, it should isolate this Trojan without letting its data-locking encryption go off.

The OXAR Ransomware's copy-pasted ransom demands make much noise about warning you not to seek alternatives to paying its Bitcoin price. However, when a con artist tells you to do one thing, the best course of action, often, is to do the opposite, particularly when money is on the line.

Technical Details