Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Apr 2018

How to remove Oblivion ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Linas Kiguolis · Expert in social media

Oblivion ransomware is a dangerous virus from Scarab family

Oblivion ransomware

Oblivion ransomware is a crypto-virus that encodes a variety of personal files on users computers. It uses AES[1] cipher and adds .OBLIVION extension to each of the encrypted files. The malware drops a ransom note called OBLIVION Decryption Information.txt where hackers ask victims to contact them via obliviondecrypt@cock.li  or obliviondecrypt@protonmail.com email and arrange the payment in BTC for data release.

SUMMARY
Name Oblivion ransomware
Type File locking virus
Cipher used AES
Fille extension .OBLIVION
Contact email obliviondecrypt@cock.li or obliviondecrypt@protonmail.com
Danger level High. Encrypts all files which might never be decrypted
Distribution Spam email attachments, malicious websites, etc.
Elimination  Automatic only – download and install FortectIntego or MalwarebytesMalwarebytes

Oblivion virus was first noticed in late April 2018 and is a variation of Scarab ransomware. Therefore, it is sometimes referred to as Scarab-Oblivion ransomware. Scarab malware was first spotted a few years ago and since then keeps coming back with newer and even more sophisticated versions, and Oblivion is one of them.

Ransomware is a dangerous threat as victims are at risk of losing their files permanently. We provide file recovery procedures below, so make sure to check them out. But, first of all, you need to remove Oblivion ransomware using powerful security software – we recommend FortectIntego or MalwarebytesMalwarebytes.

Oblivion ransomware typically enters machines via contaminated spam email attachments or malicious files from the internet. As soon as it gets inside the computer, it alters the array of settings. This allows the file-locker to load itself with every Windows boot up.

After strengthening its presence, the crypto locker appends .OBLIVION extension and converts file names into randomly generated alphanumerics. For example, if you had a file called picture.jpg, it will be turned into EuUDruppb9kjgkw5HlgzXo.OBLIVION. From this point, these files are encrypted and need to be unlocked using a specific key that is held on a remote server.

Oblivion ransomware authors abuse this situation and ask for money in return. The victim is asked to contact them via obliviondecrypt@cock.li or bliviondecrypt@protonmail.com email and is warned that any complaints will result in permanent blockage of data as they will never provide the key. Cybercrooks request to resolve the issue “in a friendly situation.”

However, contacting hackers is not a smart move. First of all, if they are trying to extort money in such illegal way – they might as well not send you the key back, even after the payment is processed. In other cases, you might receive a contaminated file that may install other malware on your computer. Furthermore, hackers might target your machine again, knowing that you are willing to pay.

Thus, do not contact Oblivion virus authors. These people cannot be trusted. Instead, proceed with Oblivion ransomware removal. After you get rid of the virus, you can then start thinking about ways how to recover your files. Unfortunately, the only trustworthy way to get your data back is from a remote backup, such as cloud server or external HDD that was not connected to the PC during contamination.

If you did not have your files backed up, there are some alternative methods that you can try. All the instructions are below this article.

Oblivion virus

Be careful when you open emails from unknown sources

Spam emails are still the most prominent ransomware distribution method as it is effective. Thus, cybercrooks send hundreds if not thousands of phishing emails[2] to unsuspecting users. There are quite a few signs that separate illicit email from a genuine one:

  • Users are never referred to using their names (as emails are sent to masses);
  • The email address that the phishing mail was sent from can be very similar to original retailer name, for example, info@anazon.com (if not looking carefully one might think that the email is coming from Amazon);
  • Such emails contain attachment in .txt, .doc, .pdf or few other formats and users are urged to open the file persuasively;
  • Quite often, victims are asked to enable a macro function to open the file.

Besides, email providers have a built-in scanner which marks up suspicious emails, so never ignore these warnings!

Other methods of ransomware distribution are through unprotected RDP configuration, exploit kits, fake updates, repacked or cracked software installers, etc.

Get rid of Oblivion ransomware automatically

It is not possible to remove Oblivion virus manually, so don’t even attempt that. The malware runs multiple scripts in different locations of the system and roots deep into the OS.

Instead, you should employ reputable anti-virus software that can take care of Oblivion removal. Helper objects might block the operation of security software; therefore, security specialists[3] recommend entering Safe Mode with Networking.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.