Onion Ransomware - Trojan-Ransom.Win32.Onion - {.oonn}

 


What is an onion Ransomware?
“Onion” is encrypting ransomware that encrypts user data and uses a countdown mechanism to scare victims into paying for decryption in Bitcoins. The cybercriminals claim there is a strict 72-hour deadline to pay, or all the files will be lost forever. Technical improvements to the malware have made it a possible successor to Cryptolocker, a very dangerous threat and one of the most sophisticated encryptors today.

How Onion Ransomware Runs
To transfer secret data and payment information, Onion communicates with command and control servers located somewhere inside the anonymous Tor network. Hiding the command server in Tor complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible even if the traffic between the Trojan and the server is intercepted. To find out more about the encryption scheme, see the related blog post on securelist.com.
In the observed infection chain, Onion reaches the device by way of the Andromeda botnet (Backdoor.Win32.Androm). The bot receives a command to download and run a piece of malware from the Joleee family on the infected device, and that malware in turn downloads the Onion malware to the device. This is one of the known ways in which the malware is distributed.
Most attempted infections have been recorded in the CIS, while individual cases have been detected in Germany, Bulgaria, Israel, the UAE, and Libya.

How To Protect

Back up important files

The best way to ensure the security of sensitive information is a consistent backup schedule. Backups should be made regularly and, in addition, they must be written to a backup device that is available only during the backup process (for example, removable storage that is disconnected immediately after the backup finishes). If these recommendations are not followed, the backed-up files will be attacked and encrypted in the same way as the original files.
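As an added example (not part of the original article), the following POSIX shell job follows the advice above: the removable device is made reachable only for the duration of the backup, each run writes a dated snapshot so that a later run cannot overwrite good copies with already-encrypted files, and the copy is verified against a SHA-256 manifest before the device is detached. The ATTACH_CMD and DETACH_CMD hook names are assumptions; set them to the mount and unmount commands for your device.

```shell
#!/bin/sh
# Added example, not from the original article. The removable backup device is
# made reachable only while the job runs, each run writes a dated snapshot, and
# the copy is verified against a SHA-256 manifest before the device goes away.
# ATTACH_CMD / DETACH_CMD are hypothetical hooks (assumed names) that mount and
# unmount the device; they default to "true" so the script runs in a test.
set -eu

ATTACH_CMD="${ATTACH_CMD:-true}"   # e.g. "mount /dev/sdb1 /mnt/backup" (assumed)
DETACH_CMD="${DETACH_CMD:-true}"   # e.g. "umount /mnt/backup" (assumed)

# verify_snapshot SNAP: re-check every file in a snapshot against the manifest
# recorded at backup time. Use it before restoring, so a backup that was itself
# overwritten by encrypted copies is noticed instead of trusted.
verify_snapshot() {
    ( cd "$1" && sha256sum -c .manifest ) >/dev/null 2>&1
}

# onion_backup SRC DEST: copy SRC into a new dated snapshot under DEST.
# Prints the snapshot path on success; returns 1 if verification fails.
onion_backup() {
    src="$1"; dest="$2"
    snap="$dest/snapshot-$(date -u +%Y%m%dT%H%M%SZ)"

    $ATTACH_CMD                    # the device is reachable only from here...
    mkdir -p "$snap"
    # A fresh dated directory per run: a later run that copies files already
    # encrypted by the Trojan cannot overwrite the good copies taken earlier.
    cp -a "$src/." "$snap/"
    # Hash the originals (not the copies) and check the copies against that.
    ( cd "$src" && find . -type f -exec sha256sum {} + ) > "$snap/.manifest"
    if ! verify_snapshot "$snap"; then
        $DETACH_CMD
        echo "verification failed for $snap" >&2
        return 1
    fi
    $DETACH_CMD                    # ...until here, when it is detached again
    echo "$snap"
}
```

Run verify_snapshot against an old snapshot before restoring from it; a snapshot whose files have been replaced by encrypted copies fails the check.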

Antivirus software
The security solution must be switched on at all times, with all of its components working. Its detection databases must also be kept up to date.

