As if ransomware wasn’t dangerous enough, a new strain even more malicious than usual has been discovered.
MalwareHunterTeam cybersecurity researchers recently identified Onyx, a strain of ransomware that doesn't bother to encrypt large files; it simply destroys them.
As reported by BleepingComputer, Onyx was found overwriting files larger than 200MB with gibberish. Smaller files are encrypted and could theoretically be recovered with the decryption key.
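To show what the size rule above means for recovery planning, here is an added incident-response triage example (it is not code from the article or from MalwareHunterTeam). It assumes the reported 200MB cutoff, that overwritten or encrypted content looks high-entropy, and that the caller supplies each file's size and a sample of its leading bytes rather than reading the disk directly.

```python
import math
from collections import Counter
from typing import Dict, Iterable, Tuple

# Assumption: "larger than 200MB" from the report, taken as 200 * 2**20 bytes.
ONYX_OVERWRITE_THRESHOLD = 200 * 1024 * 1024
# Assumption: plaintext documents rarely exceed ~7 bits/byte; random junk
# and ciphertext sit near 8. Tune this against your own file population.
HIGH_ENTROPY_BITS = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given sample (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def classify(size: int, head: bytes) -> str:
    """Label a file as intact, encrypted (key could recover it) or destroyed.

    Under the reported Onyx behaviour, a high-entropy file above the size
    threshold was overwritten, so no key will bring it back.
    """
    if shannon_entropy(head) < HIGH_ENTROPY_BITS:
        return "intact"
    return "destroyed" if size > ONYX_OVERWRITE_THRESHOLD else "encrypted"


def summarize(files: Iterable[Tuple[str, int, bytes]]) -> Dict[str, Dict[str, int]]:
    """Count files and bytes per label; 'destroyed' bytes are unrecoverable
    regardless of whether a ransom is paid."""
    summary = {label: {"files": 0, "bytes": 0} for label in ("intact", "encrypted", "destroyed")}
    for _path, size, head in files:
        label = classify(size, head)
        summary[label]["files"] += 1
        summary[label]["bytes"] += size
    return summary


if __name__ == "__main__":
    # Constructed sample inputs, not real victim data.
    random_like = bytes(range(256)) * 16          # 8.0 bits/byte
    sample = [
        ("notes.txt", 1024, b"quarterly report\n" * 64),
        ("db.bak", 5 * 1024 * 1024, random_like),
        ("vm.vmdk", 300 * 1024 * 1024, random_like),
    ]
    print(summarize(sample))
```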
A feature, not a bug
Usually, ransomware operators sneak into the target network via a malware-compromised endpoint, map the network, exfiltrate sensitive data, and then encrypt everything.
Then they usually demand payment in exchange for the decryption key and a promise not to leak the stolen data to the web.
However, the decryption process never works flawlessly. Cybersecurity researchers have often warned that data recovery after paying is unreliable, with some databases only partially restored.
In this case, however, the destruction of some files is a feature of the malware and not a bug.
MalwareHunterTeam obtained a sample of the encryptor and confirmed that destroying large files is intentional. Paying the ransom to the Onyx operators therefore does not guarantee that the data will be restored.
Prior to obtaining the sample, the team found the gang's ransom note, which they say is "mostly a copy-and-paste of Conti's note."
Conti is a Russia-based ransomware gang that has itself been compromised, with its internal chats and source code leaked across the web.
The Onyx group has successfully attacked six victims so far, the researchers found.