Kaspersky Lab encountered new encrypting ransomware ‘Onion’
Kaspersky Lab has found a new piece of encrypting ransomware, a type of malware that encrypts user data and then demands a ransom for decryption. The lab has named it ‘Onion’ ransomware because it uses the anonymous network Tor (The Onion Router) to hide its malicious nature. It is the successor to the earlier CryptoLocker and GpCode. The new malware communicates with command and control servers located inside the anonymous network.
Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab said, “Now it seems that Tor has become a proven means of communication and is being utilized by other types of malware. The Onion malware features technical improvements on previously seen cases where Tor functions were used in malicious campaigns. Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server. All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there.”
The malware travels through a botnet, which then gets a command to download and run another piece of malware from the Joleee family on the infected device. This is one way the researchers have noticed the malware spreading. To protect devices from this malware, Kaspersky Lab has suggested some measures, such as backing up your important files, which is one of the best ways to protect your valuable data. In addition, one can install good anti-virus software, which will protect the device from all sorts of malware.