This spiteful new ransomware strain is even more dangerous than usual
Files larger than 200MB? You won’t be needing those…
As if ransomware wasn’t dangerous enough, a new strain has been discovered that’s even more spiteful than usual.
Cybersecurity researchers from MalwareHunterTeam recently identified Onyx, a ransomware strain that doesn’t bother to encrypt large files, it just ruins them.
As reported by BleepingComputer, Onyx was discovered overwriting files larger than 200MB with gibberish. Files that are smaller in size get encrypted and theoretically could be salvaged with the decryption key.
A feature, not a bug
Usually, ransomware operators sneak into the target network via a malware-compromised endpoint, map out the network, exfiltrate sensitive data, and then encrypt everything.
Then, they typically demand payment in exchange for the decryption key and a promise not to leak the stolen data on the web.
However, the decryption process never really works flawlessly. Cybersecurity researchers have often warned that data recovery is unreliable, with certain databases being only partially saved.
In this case, however, the destruction of some files is a feature of the malicious software, not a bug.
MalwareHunterTeam managed to obtain a sample of the encryptor and found that destroying large files was always the plan. Therefore, paying the ransom to Onyx’s operators is no guarantee the data will be restored.
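For an incident responder sizing up the damage from the behaviour described above, the one fact that matters is the 200MB line: anything above it was overwritten and no key will bring it back, while smaller files may still be worth negotiating or restoring for. The triage helper below is an added example, not code from the article or from the researchers; the entropy cut-off and sample size are assumptions chosen for the illustration.

```python
import math
import os
from collections import Counter

# Threshold reported for Onyx: files larger than this are overwritten, not encrypted.
ONYX_OVERWRITE_THRESHOLD = 200 * 1024 * 1024
# Entropy (bits per byte) above which content looks random, i.e. encrypted or
# overwritten with junk. Plain text and most documents sit well below this.
# The cut-off and the sample size are assumptions for this triage, not values
# from the report.
HIGH_ENTROPY = 7.5
SAMPLE_BYTES = 64 * 1024


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify(size: int, sample: bytes) -> str:
    """Triage one file: 'destroyed', 'encrypted' (a key could recover) or 'intact'."""
    if size > ONYX_OVERWRITE_THRESHOLD:
        return "destroyed"   # overwritten with gibberish; paying will not help
    if shannon_entropy(sample) >= HIGH_ENTROPY:
        return "encrypted"   # random-looking content under the threshold
    return "intact"


def triage_tree(root: str) -> dict:
    """Walk a directory and tally files into the three triage buckets."""
    tally = {"destroyed": 0, "encrypted": 0, "intact": 0}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                continue   # unreadable or vanished mid-walk; skip, don't abort
            tally[classify(size, sample)] += 1
    return tally
```

Legitimately compressed formats (archives, media, already-encrypted containers) also score as high entropy, so the "encrypted" bucket is a starting point for review, not a verdict.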
Before obtaining the sample, the team found the group’s ransom note, which it says is “mostly a copy-paste of Conti’s note”.
Conti is a Russia-based ransomware operator that has been compromised itself, with internal chats and source code leaking all over the web.
The Onyx group has managed to successfully attack six victims so far, the security researchers found.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.