
OphionLocker – New Ransomware Distributed by Drive-by Downloads and RIG Exploit Kit

OphionLocker, a brand new file-encrypting malware relying on ECC (elliptic curve cryptography), has been spotted in the wild. This public-key crypto method uses two keys, a public one and a private one. The public key is used for locking the files, and the private key, which is generated from the public one, is applied in the file-decrypting process. In the case of OphionLocker ransomware, the public key is embedded in the sample, while the key that decrypts the data is generated on the C&C (command and control) server, which only the authors of the malware can access.

OphionLocker Ransomware – Distribution Technique

These kinds of threats usually use the RSA and AES algorithms for file encryption. According to the researchers with Trojan7Malware, who discovered the OphionLocker Ransomware, this one relies on the RIG exploit kit for distribution. The message displayed by OphionLocker Ransomware after it encrypts the files on the affected machine is almost identical to the one used in the CryptoWall attacks.

The Ransom

The authors of the OphionLocker Ransomware deliver their message in a few plain text files placed on the desktop of the compromised computer. The demanded ransom amounts to 1 Bitcoin, or $358. The deadline for paying the fee is three days, and unlike other pieces of ransomware, the sum is not increased after the time is up. In this case, the cyber criminals take a different approach: they warn that the private key will be erased from their servers if the transaction is not completed in time.

The Payment Address

There is an address for the payment provided in the ransom message, which is located on the Tor anonymity network. The address is to be accessed through the Tor2web proxy network.

Interestingly, OphionLocker Ransomware generates a hardware identification number, which is needed for the Tor address. The security researchers with Trojan7Malware explain that the cyber crooks can blacklist these numbers if they decide to prevent the encryption of the files on a targeted machine.

The most secure protection technique against ransomware is to back up your important data on a regular basis. Store the copies on a remote device with no active Internet connection. This would help you restore your files in case your computer gets infected with ransomware.

Security experts report that although OphionLocker Ransomware uses strong encryption, the original file copies are not completely deleted, which allows their recovery with the assistance of software designed to access the volume shadow copies.
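The shadow-copy recovery route mentioned above can be checked and carried out with built-in Windows tooling rather than third-party software. The following PowerShell script is an added example written for this article, not code from the original post or from Trojan7Malware: it enumerates the Volume Shadow Copies of a volume, exposes the newest snapshot through a directory symbolic link, and copies one file out of it. The file path, the restore directory and the volume are assumed example values; the session must be elevated.

```powershell
# Added example (not from the article): enumerate Volume Shadow Copies on a
# Windows host and restore a file from the most recent one.
# Requires an elevated PowerShell session. $FileToRestore, $RestorePath and
# $Volume are assumed example values.
param(
    [string]$Volume        = 'C:\',
    [string]$FileToRestore = 'Users\Alice\Documents\report.docx',  # assumed example path
    [string]$RestorePath   = 'C:\Recovered'
)

# Win32_ShadowCopy.VolumeName uses the \\?\Volume{...}\ form, not a drive
# letter, so resolve the volume GUID path first.
$volumeGuid = (Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter -eq $Volume.TrimEnd('\') }).DeviceID

# List every shadow copy of that volume, newest first.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeGuid } |
    Sort-Object -Property InstallDate -Descending

if (-not $shadows) {
    # Many ransomware families wipe the snapshots; if none exist, only an
    # offline backup can bring the files back.
    Write-Warning "No shadow copies exist for $Volume; recovery must come from offline backups."
    return
}

$shadows | Format-Table ID, InstallDate, DeviceObject -AutoSize

# A snapshot is exposed as \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN.
# A directory symbolic link makes it browsable like a normal folder
# (mklink needs the trailing backslash on the device path).
$newest = $shadows[0]
$link   = Join-Path $env:TEMP 'shadow'
if (Test-Path $link) { cmd /c rmdir $link | Out-Null }
cmd /c mklink /d $link "$($newest.DeviceObject)\" | Out-Null

# Copy the pre-infection version of the file out of the snapshot.
New-Item -ItemType Directory -Path $RestorePath -Force | Out-Null
$source = Join-Path $link $FileToRestore
if (Test-Path $source) {
    Copy-Item -Path $source -Destination $RestorePath
    Write-Host "Restored $FileToRestore from snapshot taken $($newest.InstallDate) to $RestorePath"
} else {
    Write-Warning "$FileToRestore is not present in the snapshot."
}

# Remove only the link; the snapshot itself is left untouched.
cmd /c rmdir $link | Out-Null
```

Run it before any cleanup that might delete snapshots, and copy recovered files to a separate location rather than back over the encrypted originals, so that the encrypted copies remain available for analysis.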

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
