Beware of Onyx malware: even if you pay the ransom, no data is recovered

Computer security is back in the news because of a new threat to computer users: the Onyx malware, which destroys much of the data on affected systems and so makes paying the requested ransom useless.
Less than a month after the last alert, a new threat to computer security has emerged, with security experts warning about one of the most underhanded pieces of malware of recent times, Onyx.

Reported by MalwareHunterTeam, the virus in question has a rather conventional opening phase, its initial modus operandi: after infecting the victim's PC, it steals the data by sending it to a remote server, and only then goes into action. Specifically, Onyx encrypts files up to 2 MB in size, but deletes files larger than that (therefore most of the files on a computer) by overwriting them with random data.

By paying the ransom to obtain the decryption key, the user will therefore be able to recover only the smallest files, but not all the others, which are lost forever (even using tools such as Recuva): at the moment, the reason for this behaviour is not entirely clear. According to the Czech Republic's CERT, in the words of forensic analyst Jiří Vinopal, Onyx could derive from Chaos, a virus that later evolved into Ryuk (which managed to collect 150 million dollars in ransoms from its victims), since it essentially acts as a data wiper rather than the usual ransomware that merely takes data hostage to obtain a cryptocurrency payment.
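The size-dependent behaviour described above has a direct consequence for incident response: a responder needs to know which files fall on which side of the 2 MB line before deciding whether a decryption key would even help. The following triage script is an added example (not code from the original article or from any analyst it cites); it assumes 2 MB means 2 × 1024 × 1024 bytes and uses an assumed entropy cut-off of 7.5 bits/byte to tell random-looking content from ordinary data, and the sample directory it builds is constructed test data.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Reported Onyx behaviour: files up to 2 MB are encrypted, larger ones are overwritten
# with random data. The byte value of "2 MB" and the entropy cut-off are assumptions.
SIZE_THRESHOLD = 2 * 1024 * 1024
ENTROPY_CUTOFF = 7.5  # bits/byte; text sits around 4-5, encrypted/random data near 8
SAMPLE_BYTES = 64 * 1024

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_file(path: Path) -> str:
    """'intact': still ordinary data; 'encrypted': random-looking and within the
    threshold, so a key could restore it; 'overwritten': random-looking and above it,
    so no key helps and only a backup can."""
    with path.open("rb") as fh:
        sample = fh.read(SAMPLE_BYTES)
    if shannon_entropy(sample) < ENTROPY_CUTOFF:
        return "intact"
    return "overwritten" if path.stat().st_size > SIZE_THRESHOLD else "encrypted"

def triage_directory(root: Path) -> dict:
    """Group every file under root by category, so a responder can see what a ransom
    payment could at best restore versus what must come from offline backups."""
    result = {"intact": [], "encrypted": [], "overwritten": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            result[classify_file(p)].append(p.name)
    return result

def build_sample_dir() -> Path:
    """Constructed sample data: an untouched text file plus a small and a large
    random-filled file standing in for encrypted and overwritten content."""
    d = Path(tempfile.mkdtemp())
    (d / "notes.txt").write_bytes(b"quarterly report, nothing unusual here.\n" * 200)
    (d / "small.bin").write_bytes(os.urandom(4096))
    (d / "big.bin").write_bytes(os.urandom(SIZE_THRESHOLD + 1))
    return d

if __name__ == "__main__":
    print(triage_directory(build_sample_dir()))
```

The entropy test is a heuristic: already-compressed formats (archives, media) also score near 8 bits/byte, so on real data the 'encrypted' and 'overwritten' buckets should be cross-checked against file headers or known-good hashes.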

According to others, however, Onyx could act in this way because it is skidware, that is, a virus written by someone with low programming skills which, as a consequence, fails to encrypt files larger than the aforementioned 2 MB and proceeds to overwrite them instead.

Regardless of whether the behaviour of the Onyx malware is intentional or the result of a simple bug, experts recommend not paying the ransom requested by the hackers, since, especially in this specific case, important data are not recovered (not even those of the most critical systems), and to adopt in good time a sound security routine, which includes keeping a backup copy of one's data, also offline.
