OnyxLocker Ransomware

What is OnyxLocker Ransomware?

When files are encrypted by OnyxLocker Ransomware, they cannot be read because no program exists that can decipher the encryption used. The process of encryption is very simple because people can use it to protect their files; however, cybercriminals have decided to encrypt files to make money, and they have been very successful at it. Anti-Spyware-101.com researchers have faced an uncountable number of file-encryptors, and a few of the more recent ones include Devos Ransomware, 2048 Ransomware, and Pashka Ransomware. Some are more complex than others, and some of the threats are capable of stealing passwords, wiping data, deleting shadow copies, and doing other terrible things. Most often, however, cybercriminals stick to encryption alone because that is enough to back Windows users into a corner. If you too feel backed into a corner, you might be thinking about the option of paying the ransom, but our researchers recommend that you focus on deleting OnyxLocker Ransomware instead.

How does OnyxLocker Ransomware work?

We do not know how exactly OnyxLocker Ransomware entered your operating system. This malware might have slithered in via a spam email (in most cases, fake attachments are used, and recipients are asked to enable macros), or an unpatched RDP vulnerability could have been used silently. Whatever the case might be, we know that OnyxLocker Ransomware does not sit around, so to speak, to encrypt files. It immediately scans files in the %APPDATA% and %USERPROFILE% (Desktop, Documents, Music, Pictures, and Videos folders) directories to check what can be encrypted. Unfortunately, this malware can pretty much encrypt everything. For example, it encrypts all files with ".pdf", ".zip", ".ppt", ".doc", ".docx", ".rtf", ".jpg", ".jpeg", ".png", ".img", ".gif", and ".mp3" extensions, and these are just a few of those that the threat targets. Normally, you might not see which files were encrypted, but the threat adds the ".onx" extension to help you out. Of course, removing the extension or renaming the files is not something that will help you restore them. Even removing the infection itself will not help.

Unfortunately, the attackers behind OnyxLocker Ransomware are quick to offer a solution. They use a file named "Прочти меня! {random number}.txt" to introduce you to a message that, most likely, is completely misleading and unreliable. It is likely that copies of this file will be dropped to the affected folders, and all copies should be deleted. If you open the file – which is safe to do – you are introduced to a message claiming that files can be restored only if you pay a ransom of $100. You are instructed to transfer it in Bitcoins to the attackers’ Bitcoin wallet (3LV85h9s2y5c5DLi3YiACDKaR3tytmp3Lq). When we checked it, it was empty, which is good news. Perhaps the threat is not spreading, or the victims do not need to obey the attackers’ demands. Although free decryptors that could decipher the OnyxLocker Ransomware encryptor did not exist at the time of research, not all victims will need to decrypt their files. Some of them will be able to replace the files using copies. Do you use virtual clouds or external drives to keep copies of your files safe? If you do, remove the infection and then use the copies to replace the corrupted files. Do NOT access your backups via the computer until it is rid of malware.

How to delete OnyxLocker Ransomware

The attack of OnyxLocker Ransomware can ruin anyone’s day, but if you are prepared for an attack like that, you should escape the situation without lasting consequences. So, do you have copies of your files backed up outside the computer? That is an important step when it comes to preparing for malware attacks. You can always delete malware and reinstall your operating system, but personal files are irreplaceable, and so you need to have copies. Hopefully, you do, and you can use them to replace the corrupted files after you remove OnyxLocker Ransomware. If backups do not exist, paying the ransom requested by the attackers might seem like the only option you’ve got, but since cybercriminals are unlikely to give you anything in return for your money, we suggest keeping it to yourself. When it comes to removal of the threat, we strongly advise installing anti-malware software. It will automatically detect and delete the launcher file, which, unfortunately, could be anywhere. On top of that, it will also protect your system, which is also an important step in preparing for malware attacks.

Removal Instructions

  1. Launch Explorer by tapping Windows and E keys on the keyboard.
  2. Enter the following paths into the field at the top to look for the launcher of the ransomware:
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Documents
    • %TEMP%
  3. If you can find the malicious launcher file, right-click it and Delete it.
  4. Also, Delete all copies of the Прочти меня! {random number}.txt file.
  5. Empty Recycle Bin.
  6. Install a malware scanner you trust to inspect your system and check for leftovers.
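
A read-only PowerShell inventory of the indicators described above (the ".onx" extension and the "Прочти меня! {random number}.txt" note), added here as an example and not part of the original article. It assumes the random number is a run of digits and writes its results to a hypothetical onyx-triage.csv in the current directory.

```powershell
# Added example, not from the original article. Read-only: nothing is deleted.
# Indicators from the article: the ".onx" extension and the note name
# "Прочти меня! {random number}.txt". Assumption: the number is a run of digits.

# Resolve the scanned folders through the shell so redirected folders
# (for example Documents moved to another drive) are still covered.
$roots = 'ApplicationData','Desktop','MyDocuments','MyMusic','MyPictures','MyVideos' |
    ForEach-Object { [Environment]::GetFolderPath($_) }
$roots = @($roots) + $env:TEMP |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

# \uXXXX escapes spell "Прочти меня" so the match does not depend on the
# encoding the script file was saved in (Windows PowerShell 5.1 reads
# BOM-less files as ANSI and would garble a literal Cyrillic string).
$noteRegex = '^\u041F\u0440\u043E\u0447\u0442\u0438 \u043C\u0435\u043D\u044F! \d+\.txt$'

$hits = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $kind = $null
            if ($_.Extension -eq '.onx') { $kind = 'encrypted' }
            elseif ($_.Name -match $noteRegex) { $kind = 'ransom-note' }
            if ($kind) {
                [pscustomobject]@{
                    Kind      = $kind
                    Path      = $_.FullName
                    LastWrite = $_.LastWriteTime
                }
            }
        }
}

# How many encrypted files and ransom notes were found.
$hits | Group-Object Kind | Select-Object Name, Count | Format-Table -AutoSize

# The oldest write time among ".onx" files approximates when encryption began,
# which tells you which backup generation predates the damage.
$hits | Where-Object { $_.Kind -eq 'encrypted' } | Sort-Object LastWrite |
    Select-Object -Property Path, LastWrite -First 1 | Format-List

# Keep the full list for review before deleting the notes.
$hits | Export-Csv -Path .\onyx-triage.csv -NoTypeInformation -Encoding UTF8
```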
