Blog

Ranstop blocks ONI ransomware

Test subject – ONI ransomware

In October last year, many Japanese companies were under attack for as long as a few months, during which cybercriminals were exfiltrating, encrypting data and destroying mission-critical devices. One of the ransomware used in these attacks was ONI.

Almost a year later, last month, a new ONI ransomware was released. It is not yet determined if the two are related, but there are several indicators that they might be. The Russian (first) version attacked user files on non-critical computers but replaced the MBR on servers and other essential devices.

ONI ransomware test facts

Our new version attacks only files, regardless of the target device. Once executed, it will erase Windows backups, shadow copies, limiting recovery options. This process requires administrative privileges as ONI will not try to bypass UAC, but regardless of the user’s choice, the attack will not stop, encryption will shortly follow. ONI is relatively slow, as it took more than 15 minutes to encrypt all our “valuable” test files. It also altered the Windows registry, gaining access to some system resources. Slowly, but effectively, all our files were encrypted and renamed, also getting the new “oni” extension, making them completely unrecognizable. The slow encryption process had a positive effect on the resources, as it did not slow down the system, an indication that something is wrong. Might not raise any suspicions in many users, until it’s too late.

Once done, ONI will drop the same test file in all attacked folders, containing basic instructions on how to recover the lost files. As there is no specific amount mentioned in the note, the ransom might be negotiated, although we will never recommend paying.

ONI ransomware test results

TEMASOFT Ranstop detects ONI ransomware easily once it starts encrypting files. Upon detection, the user is alerted, and the ransomware process is blocked and quarantined. The affected files are automatically restored so that the user doesn’t lose her important documents.


Click here to watch TEMASOFT Ranstop blocking ONI ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023