Test subject – ONI ransomware
In October last year, many Japanese companies were under attack for as long as a few months, during which cybercriminals were exfiltrating, encrypting data and destroying mission-critical devices. One of the ransomware used in these attacks was ONI.
Almost a year later, last month, a new ONI ransomware was released. It is not yet determined if the two are related, but there are several indicators that they might be. The Russian (first) version attacked user files on non-critical computers but replaced the MBR on servers and other essential devices.
ONI ransomware test facts
Our new version attacks only files, regardless of the target device. Once executed, it will erase Windows backups, shadow copies, limiting recovery options. This process requires administrative privileges as ONI will not try to bypass UAC, but regardless of the user’s choice, the attack will not stop, encryption will shortly follow. ONI is relatively slow, as it took more than 15 minutes to encrypt all our “valuable” test files. It also altered the Windows registry, gaining access to some system resources. Slowly, but effectively, all our files were encrypted and renamed, also getting the new “oni” extension, making them completely unrecognizable. The slow encryption process had a positive effect on the resources, as it did not slow down the system, an indication that something is wrong. Might not raise any suspicions in many users, until it’s too late.
Once done, ONI will drop the same test file in all attacked folders, containing basic instructions on how to recover the lost files. As there is no specific amount mentioned in the note, the ransom might be negotiated, although we will never recommend paying.
ONI ransomware test results
TEMASOFT Ranstop detects ONI ransomware easily once it starts encrypting files. Upon detection, the user is alerted, and the ransomware process is blocked and quarantined. The affected files are automatically restored so that the user doesn’t lose her important documents.
Click here to watch TEMASOFT Ranstop blocking ONI ransomware (video)!
Learn how to protect against ransomware!
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.
This post was last modified on August 21, 2023 7:26 am
In the digital world, information is often stored and transferred through files. From the most…
Introduction Data security is more important than ever in today's fast-paced digital world. One critical…
Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…
Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…
File tracking is an important aspect of server administration, and it can help administrators detect…
File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…