As if ransomware wasn’t risky enough, a new strain has been found that’s even more spiteful than usual.
Cybersecurity researchers from MalwareHunterTeam recently identified Onyx, a ransomware strain that doesn’t bother to encrypt large files; it simply destroys them.
As reported by BleepingComputer, Onyx was discovered overwriting files larger than 200MB with gibberish. Smaller files are encrypted and can, in theory, be recovered with the decryption key.
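To make that size split concrete from a recovery-planning angle, here is an added example (not from the article or from the researchers' work) that triages files after an incident using the reported 200MB threshold; the file paths, sizes and byte samples are constructed for the demo, and the 7.0 bits-per-byte entropy cutoff is an assumption.

```python
import math
from collections import Counter

# Size threshold reported for Onyx: files above it are overwritten with junk,
# everything below it is encrypted (recoverable only if the key actually works).
ONYX_DESTROY_THRESHOLD = 200 * 1024 * 1024

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Documents, logs and source code sit well
    below 7; encrypted output and random junk both sit close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_file(size: int, head: bytes) -> str:
    """Classify one file from its size and a sample of its leading bytes.
    High entropy alone cannot tell an encrypted file from an overwritten one,
    so the size threshold is what decides recoverability (7.0 cutoff assumed)."""
    if shannon_entropy(head) < 7.0:
        return "intact"
    if size > ONYX_DESTROY_THRESHOLD:
        return "destroyed"          # no decryptor will bring this back
    return "encrypted"              # recoverable only with a working key

def recovery_plan(inventory):
    """inventory: iterable of (path, size, head_bytes). Returns per-class byte
    totals and the paths that must come from backup whatever the ransom outcome."""
    totals = {"intact": 0, "encrypted": 0, "destroyed": 0}
    from_backup = []
    for path, size, head in inventory:
        cls = triage_file(size, head)
        totals[cls] += size
        if cls == "destroyed":
            from_backup.append(path)
    return totals, from_backup

# Constructed sample inventory (paths, sizes and leading bytes are made up).
MB = 1024 * 1024
TEXT = b"Q3 budget summary: revenue 1.2M, costs 0.9M, headcount 41\n" * 64
JUNK = bytes(range(256)) * 16   # stands in for encrypted or random output
SAMPLE_INVENTORY = [
    ("/srv/docs/budget.xlsx",   3 * MB,      TEXT),
    ("/srv/docs/contract.pdf",  12 * MB,     JUNK),
    ("/srv/db/finance.mdf",     650 * MB,    JUNK),
    ("/srv/vm/fileserver.vhdx", 40_000 * MB, JUNK),
]

if __name__ == "__main__":
    totals, from_backup = recovery_plan(SAMPLE_INVENTORY)
    print(totals)
    print("restore from backup:", from_backup)
```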
A feature, not a bug
Typically, ransomware operators sneak into the target network through a malware-compromised endpoint, map out the network, and exfiltrate sensitive data, after which they encrypt everything.
Then they usually demand payment in exchange for the decryption key and a promise not to leak the stolen data online.
But the decryption process never really works perfectly. Cybersecurity researchers have often warned that data recovery is unreliable, with some databases being only partially recovered.
In this case, however, the destruction of some files is a feature of the malware, not a bug.
MalwareHunterTeam managed to obtain a sample of the encryptor and found that destroying large files was in fact the plan. Paying the ransom to Onyx’s operators is therefore no guarantee that the data can be restored.
Before obtaining the sample, the team discovered the group’s ransom note, which it says is “basically a copy-paste of Conti’s note”.
Conti is a Russia-based ransomware operator that has compromised itself, with internal chats and source code leaking all over the internet.
The Onyx group has successfully attacked six victims so far, the security researchers observed.