OmniSphere ransomware is the new virus that encrypts files and demands 0,03BTC in the ransom note where developers named the threat

The initial infiltration and malicious processes of OmniSphere ransomware virus are hardly noticed on the machine because hackers inject the code on a file and sometimes use brute force to open particular ports. When your data get marked with .omnisphere extension and virus creates those particular files, you can be sure that ransomware might already be gone from the system. It is common that the virus deletes itself, but leaves other files that control changes and system alterations, so cryptovirus is one of the more persistent cyber threats.
| Name | OmniSphere ransomware |
|---|---|
| Symptoms | Malware runs on the machine and encrypts files in common formats, so once people can't open their files they are more eager to pay up when the ransom is demanded |
| File marker | .omnisphere |
| Ransom note | ! DECRYPT_MY_FILES_OS.txt is the ransom note that shows on the screen with information about encryption and possible actions after the attack |
| File with victims' ID | unique_decrypt.key |
| Ransom amount | Starts at 0.0318 Bitcoin but criminals can double the price after 5 days or ask larger amounts from the beginning when something valuable is found on those files or your system |
| Distribution | Criminals can load the malicious script with the help of an infected file or other malware and brute force through unprotected RDP or rely on security flaws.[2] Since this is a new threat there are not many unique details known |
| Elimination | Remove OmniSphere ransomware with the anti-malware tool and clean the machine fully from virus damage using FortectIntego |
OmniSphere ransomware is set to target users on a global scale, but there is no information available about the group of hackers behind this threat or any features regarding the infection. It may come to light later once researchers get more malware samples or user reports.
Until then, the only tip from experts[3] is to stay away from contacting criminals related to this malware and remove OmniSphere ransomware traces from the machine. Depending on specific goals and conditions, hackers may develop the threat to run processes on the system and change particular settings of the device besides the encryption.
However, file locking starts immediately after the OmniSphere ransomware infiltration, and once those photos, documents, video files, archives, and other data gets marked with .omnisphere appendix, the virus can run other processes in the background and demand the payment.
OmniSphere ransomware ransom note delivers the following text:
## OmniSphere ransomware ##
—-
Y0UR PERS0NAL FILES, PHOTOS, DATABASES ARE ENCRYPTED!
If you want return all files, read this instruction
—-
The only way to decrypt your files is to receive the private key and decryption program
Private decryption key is stored on a secret server and nobody can decrypt your files
until you pay and obtain the private key
—-
To obtain the private key for this computer find special file (unique_decrypt.key)
(You can find this file in any encrypted folder)
If you found this file please, follow instruction below for DECRYPT ALL YOUR FILES:
—-
1. Download Tor Browser https://www.torproject.org/download/ and install.
2. Open Tor Browser
3. In Tor Browser open personal page here:
http://uu6issmbncd3wjkm.onion/46HFJZEAPF3JKNLU
4. When personal page open, click on browse button and upload unique_decrypt.key file
5. Follow instruction on personal page
Note! This page is available via Tor Browser only!

OmniSphere ransomware is developed by hackers and cybercriminals that can affect backups, archives, databases, multimedia files or documents. But the virus also targets system folders, Windows Registry and general settings of the machine to affect the speed, performance and file recovery options, or sometimes even damage the computer on purpose.
On the message delivered in the ransom note, OmniSphere ransomware developers claim that you have no other options besides paying the ransom and once you go to the Tor website the personal page opens up with particular payment instructions and the offer to decrypt one file for free.
This free test decryption is a common offering from cryptovirus developers because they try to fake the trust between them and the victim. Unfortunately for victims, one file recovery doesn't guarantee that criminals will restore your encrypted data. You should focus on OmniSphere ransomware removal first and then try to restore files with your backups or third-party data recovery software.
You can eliminate OmniSphere ransomware with the anti-malware tool, and once all traces of this virus get cleaned using FortectIntego or a different program, you can focus on file recovery. Since the official decryption tool was not developed yet, the best solution is replacing encoded data with file backups stored on cloud storage or external device. If you need more alternatives or tips for malware termination – go to the end of the article.

Payload carriers of ransomware include malicious files and pirated software
Since the malware is not yet analyzed in-depth and is not a version of any other family, we cannot be sure which method is employed for the delivery of this cryptovirus. However, there are not many possible scenarios since criminals behind such type of malware mainly focus on silent techniques and widely spreading campaigns. In most cases, creators focus on malicious files and distribute them via:
- Phishing email campaigns when the email gets attachments in common types of files with malicious script planted on the document or executable. This technique involves malicious macros and payload droppers that launches encryption immediately.
- Cracked software and other illegal distribution of programs, serial numbers, game cheats. Once you download such packages of laced files, you may get infected file that launches malicious script and infiltrates the machine with ransomware.
Thorough OmniSphere ransomware elimination involves proper anti-malware tools and additional data recovery software
This OmniSphere ransomware virus is set to affect your files and the performance of the system significantly. But developers also want to make sure that data remain locked and cannot be simply recovered, so you pay the sum. For this reason, the malware deletes Shadow Volume Copies and disables other system functions.
To remove OmniSphere ransomware completely, you need to address all those issues and alter changes made behind your back. The virus will reboot itself with each system start due to registry entry alterations, so you need a thorough system scan to fix all the issues. If you attempt to do all the changes manually, you can damage the machine further.
Automatic OmniSphere ransomware removal is the best option for malware termination, and staying away from paying the ransom keeps you from losing data and money permanently. Focus on anti-malware tools like FortectIntego, SpyHunterCombo Cleaner, MalwarebytesMalwarebytes and then rely on data recovery software that restores your encrypted files.
Was this guide helpful?
Be the first to comment