ONYC Ransomware — How to Remove It

ONYC Ransomware — How to Remove It

.ONYC Ransomware virus remove

Security reports indicate that a new dangerous virus is being released in the wild — the .ONYC ransomware. It is being spread by an unknown hacking collective using common methods.

A popular strategy is to send out phishing emails and crafted malware sites that are hosted on domains that sound similar to popular Internet portals. Their design and content might look familiar as they replicate the look and feel of the popular pages. An alternative is to fall victim to a dangerous payload. This can be a either a script-infected document which can be of all popular file formats: spreadsheets, presentations, databases and text documents. Whenever they are opened by the victims a prompt will appear asking them to enable the built-in scripts which will trigger the infection. Another method is the creation of malware software installers which are made by taking the legitimate files and modifying them to install the relevant virus code. Larger campaigns take advantage of browser hijackers which are dangerous plugins which are made compatible with the most popular web browsers. They are uploaded to the relevant repositories using fake user reviews and developer credentials.

As soon as it is installed on a given system the .ONYC Ransomware will immediately start its dangerous sequence of infection. This particular version is deemed very dangerous as most of them cannot be removed using manual methods — only a complete security solution can help remedy such threats. The code analysis of one of the found samples shows that the following modules are to be started:

  • Data Modification — The virus engine can both modify existing files and remove sensitive ones. This can prevent the users from accessing their data, performance issues and other issues. This includes the removal of backups, shadow volume copies and etc.
  • Security Bypass — The main module will locate if there are any programs that can block the proper virus execution. Such includes the likes of anti-virus programs, firewalls, intrusion detection systems and etc.
  • System Changes — The code analysis reveals that the virus is capable of leading to various changes including user preferences and operating system settings.
  • Master Boot Record Modification — This particular threat is known to modify the Master Boot Record (MBR) of the compromised computers. This can lead to problems when booting the computer properly and may render access to the recovery options impossible.
Related: .NHCR Files Virus (ChristsIbrahim) – Remove It

The actual file encryption will start when all modules have finished running. Using a strong cipher the victim data will be processed by targeting a built-in list of target file type extensions. ALl of the victims files will be renamed with the .ONYC extension. Both a ransomware note and a wallpaper change will be made.

Threat Summary

Name.ONYC Ransomware
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer machine and demands a ransom to be paid to allegedly restore them.
SymptomsThe ransomware will blackmail the victims to pay them a decryption fee. Sensitive user data may be encrypted by the ransomware code.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .ONYC Ransomware


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .ONYC Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.ONYC Files Virus – Update May 2019

The good news for all victims of GetCrypt ransomware is that a team of security researchers helped EMSIsoft to release a working decrypter for the ransomware, that should work, regardless of the extension attached to files.

So the moment you remove all malicious files and objects from your infected system you can download the Emsisoft Decrypter for GetCrypt and try to see if it works for you.

.ONYC Ransomware – What Does It Do?

.ONYC Ransomware could spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet. .ONYC Ransomware might also distribute its payload file on social media and file-sharing services. Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Read the tips for ransomware prevention from our forum.

.ONYC Ransomware is a cryptovirus that encrypts your files and shows a window with instructions on your computer screen. The extortionists want you to pay a ransom for the alleged restoration of your files. The main engine could make entries in the Windows Registry to achieve persistence, and interfere with processes in Windows.

The .ONYC Ransomware is a crypto virus programmed to encrypt user data. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.

You should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that.

The .ONYC Ransomware cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.

Remove .ONYC Ransomware

If your computer system got infected with the .ONYC Files ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share