OnyonLock is a crypto-ransomware that hails from BTCWare malware group
OnyonLock virus is a ransomware program that encrypts files and adds .onyon file extensions to filenames. The alternative name of the virus is ONYON ransomware, and it seems that it is a new variant of BTCWare virus[1]. The malicious program typically corrupts images, videos, documents, and other important records, then creates a ransom note and saves it as !#_DECRYPT_#!.inf on the desktop and folders that hold some encrypted files. The ransom note warns the victim that files were encrypted “due to a security problem with the PC,” which is actually true. However, this program is illegal because it seeks to infect computer systems on purpose to extort people. Criminals suggest writing a message to decrypter@onyon.su or tk.btcw@protonmail.ch and discussing further actions with developers of the ransomware. Currently, it is unknown how big is the ransom price, and it is likely that they might be willing to negotiate on this matter. The ransom note also provides one condition – the victim has three days to write the attackers; otherwise, they will delete the decryption key from their servers, which would make data recovery impossible. The attackers suggest testing the decryptor by sending three encrypted files; however, their total size must be less than 10Mb. Victims of this ransomware are advised to remove OnyonLock as soon as possible and restore files using data backups. The malware should be deleted using only professional malware removal tools, for instance, FortectIntego.

The first email address links to onyon[.]su page, and as we decided to visit, we discovered that it holds no content except a huge GIF of two kids trying to look scary. The use of that GIF is likely to be cybercriminals’ form of joking; however, we are sure that it doesn’t seem funny to people who fell victims to the ransomware attack. Besides, we decided to check who registered this site, and WhoIs report shows that registrar’s email address is jonnnilson29[@]gmail.com. If you ever receive an email from this person, do not open it! The attacker might get tracked down soon. Therefore, we suggest adding OnyonLock removal to the top of your to-do tasks list.

Ransomware distribution methods explained
Onyon Lock ransomware reportedly spreads via mail spam[2], so be careful when opening emails. Make sure that you know the sender personally, otherwise do not rush to click on links or attachments added to such virtual letter. We also advise you to avoid suspicious file sharing websites and especially fake “Rogers Hi-Speed Internet” software, which is used to spread BTCWare ransomware. In general, you should never download software from suspicious websites, and also read feedback from other people who have downloaded the software that you’re looking for. Even legitimate programs can contain malicious components, but only if you download these programs from malicious or phishing websites. Being aware of malware distribution methods can help you to avoid these dangerous programs, however, even the most open-eyed computer users can fall victims to various cyber attacks. Therefore, we suggest creating a data backup, regularly updating computer programs and of course, installing a trustworthy anti-malware software.
Best way to remove OnyonLock ransomware
If you’re wondering what is the best way to remove OnyonLock virus, we have the answer – the automatic one. Therefore, we suggest performing a full system scan with a powerful software that can help you to root out both spyware and malware type programs. However, even the best security programs can be stopped by obstacles created by malicious software; therefore, we suggest you read these OnyonLock removal instructions we prepared.
Was this guide helpful?
Be the first to comment