Menu
“Onion” ransomware the next Cryptolocker: Kaspersky

“Onion” ransomware the next Cryptolocker: Kaspersky

Security vendor uncovers what could be the most technologically advanced encryptor thus far.

Kaspersky Lab has uncovered a type of encrypting ransomware that attempts to hide its malicious nature.

Dubbed “Onion,” because it uses the anonymous network Tor (the Onion Router) to make it hard to track, it encrypts user data and then demands ransom for decryption.

Kaspersky Lab senior malware analyst, Fedor Sinitsyn, said the malware demonstrates how Tor has become a proven tool and is being implemented into other types of malware.

“The Onion malware features technical improvements on previously seen cases where Tor functions were used in malicious campaigns,” he said.

This new malware, which uses a countdown mechanism to scare victims into paying for decryption in Bitcoins, is described by Sinitsyn as the potential successor to Cryptolocker.

Users affected by the ransomware are warned to pay up within a 72-hour deadline or all the files will be lost forever.

The new normal

The Onion transfers secret data and payment information with command and control servers within an anonymous network.

Sinitsyn said this kind of communication architecture existed in the past, though it was limited to banking malware families such as the Tor-enhance 64-bit ZeuS.

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals,” he said.

“The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server.”

Sinitsyn said these characteristics add up to a “highly dangerous threat,” as well as one of the “most technologically advanced encryptors” in existence today.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Read more: Beware of Wi-Fi when using E-tax: Bitdefender


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareransomwarekaspersky labzeusCryptolocker

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments