“Onion” ransomware the next Cryptolocker: Kaspersky

Security vendor uncovers what could be the most technologically advanced encryptor thus far.

Kaspersky Lab has uncovered a type of encrypting ransomware that attempts to hide its malicious nature.

Dubbed “Onion,” because it uses the anonymous network Tor (the Onion Router) to make it hard to track, it encrypts user data and then demands ransom for decryption.

Kaspersky Lab senior malware analyst, Fedor Sinitsyn, said the malware demonstrates how Tor has become a proven tool and is being implemented into other types of malware.

“The Onion malware features technical improvements on previously seen cases where Tor functions were used in malicious campaigns,” he said.

This new malware, which uses a countdown mechanism to scare victims into paying for decryption in Bitcoins, is described by Sinitsyn as the potential successor to Cryptolocker.

Users affected by the ransomware are warned to pay up within a 72-hour deadline or all the files will be lost forever.

The new normal

The Onion transfers secret data and payment information with command and control servers within an anonymous network.

Sinitsyn said this kind of communication architecture existed in the past, though it was limited to banking malware families such as the Tor-enhance 64-bit ZeuS.

Read more: Webroot launches new channel program

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals,” he said.

“The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server.”

Sinitsyn said these characteristics add up to a “highly dangerous threat,” as well as one of the “most technologically advanced encryptors” in existence today.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Read More:

FILL IN THE SURVEY - AND YOU COULD BE A WINNER: ARN wants to hear from YOU. Tell us how you run a successful business and you could win an adrenaline-fuelled adventure of your choice. COMPLETE THE ARN SURVEY.

Tags Cryptolockersecurityzeusransomwarekaspersky labmalware

More about IDGIDG CommunicationsIDG CommunicationsIDG CommunicationsIDG CommunicationsKasperskyKaspersky

ARN Directory | Distributors relevant to this article

ARN Directory | Vendors relevant to this article

Comments

Comments are now closed

 
Computerworld
CIO
Techworld
CMO

Latest News

11:07AM
Business concerned about 'knock-on' costs of Federal Government data retention c...
10:21AM
Thiess signs NBN contract to connect 170,000 premises per year
09:49AM
Brisbane IT firm offers "miracle" cure for hospital robots
08:58AM
Sage inks A/NZ distribution deal with Aritmos Group
More News
16 Sep
ChannelAdvisor Insite - Sydney 2014
16 Sep
Ingram Micro SMB Favourites Roadshow
16 Sep
National Data Centre Roadshow - Sydney
17 Sep
SAP HR Connect
View all events