As if ransomware wasn’t dangerous enough, a new strain has been discovered that’s even more spiteful than usual.
Cybersecurity researchers from MalwareHunterTeam recently identified Onyx, a ransomware strain that doesn’t bother to encrypt large files, it just ruins them.
As reported by BleepingComputer, Onyx was discovered overwriting files larger than 200MB with gibberish. Files that are smaller in size get encrypted and theoretically could be salvaged with the decryption key.
A feature, not a bug
Usually, ransomware operators sneak into the target network via a malware-compromised endpoint, map out the network, exfiltrate sensitive data, and then encrypt everything.
Then, they typically demand payment in exchange for the decryption key and a promise not to leak the stolen data on the web.
However, the decryption process never really works flawlessly. Cybersecurity researchers have often warned that data recovery is unreliable, with certain databases being only partially saved.
In this case, however, the destruction of some files is a feature of the malicious software, not a bug.
MalwareHunterTeam managed to obtain a sample of the encryptor and found that destroying large files was always the plan. Therefore, paying the ransom to Onyx’s operators is no guarantee the data will be restored.
Before obtaining the sample, the team found the group’s ransom note, which it says is “mostly a copy-paste of Conti's note”.
Conti is a Russian-based ransomware operator that has been compromised itself, with internal chats and source code leaking all over the web.
The Onyx group has managed to successfully attack six victims so far, the security researchers found.
Via BleepingComputer