“Onion” ransomware the next Cryptolocker: Kaspersky

“Onion” ransomware the next Cryptolocker: Kaspersky

Security vendor uncovers what could be the most technologically advanced encryptor thus far.

Kaspersky Lab has uncovered a type of encrypting ransomware that attempts to hide its malicious nature.

Dubbed “Onion,” because it uses the anonymous network Tor (the Onion Router) to make it hard to track, it encrypts user data and then demands ransom for decryption.

Kaspersky Lab senior malware analyst, Fedor Sinitsyn, said the malware demonstrates how Tor has become a proven tool and is being implemented into other types of malware.

“The Onion malware features technical improvements on previously seen cases where Tor functions were used in malicious campaigns,” he said.

This new malware, which uses a countdown mechanism to scare victims into paying for decryption in Bitcoins, is described by Sinitsyn as the potential successor to Cryptolocker.

Users affected by the ransomware are warned to pay up within a 72-hour deadline or all the files will be lost forever.

The new normal

The Onion transfers secret data and payment information with command and control servers within an anonymous network.

Sinitsyn said this kind of communication architecture existed in the past, though it was limited to banking malware families such as the Tor-enhance 64-bit ZeuS.

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals,” he said.

“The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server.”

Read more: Beware of Wi-Fi when using E-tax: Bitdefender

Sinitsyn said these characteristics add up to a “highly dangerous threat,” as well as one of the “most technologically advanced encryptors” in existence today.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Read More:

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags zeussecurityCryptolockerransomwaremalwarekaspersky lab



 IN PICTURES: VeeamON Tour in Sydney and Melbourne (+ 17 photos)

IN PICTURES: VeeamON Tour in Sydney and Melbourne (+ 17 photos)

The VeeamON tour showcased company's upcoming release of the Veeam Availability Suite v9. Veeam product strategist, Rick Vanover led the discussions in Sydney and Melbourne about the upcoming v9 and other Veeam innovations for the new year.​ VeeamON was held on September 23 at the Museum of Sydney, Warrane Theatre, and at Melbourne Museum in Melbourne on September 24.

IN PICTURES: VeeamON Tour in Sydney and Melbourne (+ 17 photos)
 IN PICTURES: Greentree A/NZ Partners Explore Japan (+ 13 PHOTOS)

IN PICTURES: Greentree A/NZ Partners Explore Japan (+ 13 PHOTOS)

As part of a regular strategic planning program for select Greentree A/NZ partners, they enjoyed a week in Japan combining strategic planning sessions with sightseeing. Principals and their partners from Star Business Solutions, Endeavour Solutions, Addax Business Solutions, GT Business Solutions, bizlinkIT and Verde Group joined Greentree chief executive, Peter Dickinson, channel director, Graham Hill, and R&D director, Stephen Sims in Tokyo and took in Hiroshima, Kyoto and Hakone, including travel on the famed bullet train which hit a top speed of 296 KPH.

IN PICTURES: Greentree A/NZ Partners Explore Japan (+ 13 PHOTOS) is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments