OphionLocker, a brand new file-encrypting malware relying on ECC (elliptic curve cryptography), has been spotted in the wild. This public-key crypto method uses two keys, a public and a private one. The public key is used for locking the files, and the private one, generated from the public one, is applied in the file-decrypting process. In the case of OphionLocker ransomware, the public key is available in the sample, but the key that decrypts the data is generated on the C&C (command and control) server, which can be accessed only by the malware's authors.
OphionLocker Ransomware – Distribution Technique
These kinds of threats usually use the RSA and AES algorithms for file encryption. According to the researchers at Trojan7Malware, who discovered OphionLocker Ransomware, this one relies on the RIG exploit kit for distribution. The message displayed by OphionLocker Ransomware after it encrypts the files on the affected machine is almost identical to the one used in the CryptoWall attacks.
The Ransom
The authors of OphionLocker Ransomware deliver their message in a few plain-text files placed on the desktop of the compromised computer. The demanded ransom amounts to 1 Bitcoin, or $358. The deadline for paying the fee is three days, and unlike other pieces of ransomware, the sum is not increased after the time is up. Instead, the cyber criminals take a different approach: they warn that the private key will be erased from their servers if the transaction is not completed in time.
The Payment Address
The ransom message provides a payment address located on the Tor anonymity network, which is to be accessed through the Tor2web proxy network.
Interestingly, OphionLocker Ransomware generates a hardware identification number, which is needed for the Tor address. The security researchers at Trojan7Malware explain that the cyber crooks can blacklist these numbers if they decide to prevent the encryption of files on a targeted machine.
The most reliable protection against ransomware is to back up your important data on a regular basis. Store the copies on a remote device with no active Internet connection; this will help you restore your files in case your computer gets infected with ransomware.
Security experts report that although OphionLocker Ransomware uses strong encryption, the file copies do not get completely deleted, which allows their recovery with the help of software designed to access the volume shadow copies.