As if ransomware were not dangerous enough, a new strain that is more destructive than usual has been discovered.
Cybersecurity researchers at MalwareHunterTeam recently discovered Onyx, a ransomware strain that does not bother to encrypt large files and instead destroys them.
As reported by BleepingComputer, Onyx was found to overwrite files larger than 200MB. Smaller files are encrypted and can, in theory, be recovered with the decryption key.
A feature, not a bug
Typically, ransomware operators infiltrate the target network through a malware-compromised endpoint, map out the network, exfiltrate sensitive data, and then encrypt everything.
They then demand payment in exchange for a decryption key and a promise not to leak the stolen data online.
However, decryption does not always work flawlessly. Cybersecurity researchers often warn that data recovery is unreliable, with some databases only partially restored.
In this case, though, destroying some files is a feature of the malware, not a bug.
MalwareHunterTeam was able to obtain a prototype of the encryptor and found that destroying large files was always planned. There is therefore no guarantee that data will be restored by paying the ransom to the Onyx operators.
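An incident-response triage check, added here as an example and not code from MalwareHunterTeam, BleepingComputer or the article: given the behaviour reported above (files above 200MB overwritten, smaller files encrypted), it walks a directory, samples each file, and sorts files into intact, encrypted or destroyed so responders know which ones only a backup can bring back. The 200MB figure is the article's; the 7.5 bits-per-byte entropy cutoff, the 64KB sample size, the file names and the scaled-down demo threshold are assumptions, and the sample files are constructed.

```python
import os
import tempfile
from math import log2

# Size threshold reported for Onyx: files above it are overwritten, not encrypted.
# Assumption: "200MB" is taken as 200 * 1024 * 1024 bytes.
ONYX_SIZE_THRESHOLD = 200 * 1024 * 1024
# Scaled-down threshold used only for the constructed demo directory.
DEMO_THRESHOLD = 64 * 1024


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`: close to 8.0 for ciphertext or random junk,
    noticeably lower for most plaintext and document formats."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * log2(c / n) for c in counts if c)


def classify_file(size: int, entropy: float,
                  threshold: int = ONYX_SIZE_THRESHOLD,
                  min_entropy: float = 7.5) -> str:
    """Triage verdict for one file.

    intact     - low entropy, apparently untouched
    encrypted  - high entropy, at or under the threshold: a decryptor may help
    destroyed  - high entropy, over the threshold: per the reported Onyx
                 behaviour the content was overwritten, so only a backup helps
    Entropy alone cannot tell ciphertext from junk; the size rule is what the
    reporting on Onyx gives us (assumed cutoff of 7.5 bits per byte).
    """
    if entropy < min_entropy:
        return "intact"
    if size > threshold:
        return "destroyed"
    return "encrypted"


def triage_directory(root: str, threshold: int = ONYX_SIZE_THRESHOLD,
                     sample_bytes: int = 65536) -> dict:
    """Walk `root`, sample the first `sample_bytes` of each file, and return
    {relative_path: verdict}. Only a prefix is read, so large files are cheap."""
    verdicts = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            size = os.path.getsize(path)
            with open(path, "rb") as fh:
                head = fh.read(sample_bytes)
            rel = os.path.relpath(path, root)
            verdicts[rel] = classify_file(size, shannon_entropy(head), threshold)
    return verdicts


def build_sample_dir() -> str:
    """Create a throw-away directory with three constructed files (not real
    incident artefacts): plaintext, a small random-looking file standing in
    for an encrypted one, and a 'large' random-looking file standing in for
    an overwritten one. Sizes are scaled down; triage it with DEMO_THRESHOLD."""
    root = tempfile.mkdtemp(prefix="onyx_triage_")
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(b"quarterly report: all figures nominal\n" * 200)
    with open(os.path.join(root, "notes.docx"), "wb") as fh:
        fh.write(os.urandom(DEMO_THRESHOLD // 2))
    with open(os.path.join(root, "backup.vmdk"), "wb") as fh:
        fh.write(os.urandom(DEMO_THRESHOLD * 2))
    return root


if __name__ == "__main__":
    for rel, verdict in sorted(triage_directory(build_sample_dir(), DEMO_THRESHOLD).items()):
        print(f"{verdict:10s} {rel}")
```

Run it as-is to see the three constructed files classified; point `triage_directory` at a recovered share with the default threshold to get the real list. A "destroyed" verdict means restore from backup regardless of whether a decryptor ever appears; "encrypted" means the file is worth holding for a decryptor, and "intact" files should still be hashed against a known-good copy rather than trusted on entropy alone.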
Prior to receiving the sample, the team found the group's ransom note, which they said was "mostly copy-paste to Conti's note".
Conti is a Russian-based ransomware operation whose internal chats and source code have been leaked across the web.
The Onyx group has so far successfully attacked six victims, security researchers have found.