“Onion” ransomware the next Cryptolocker: Kaspersky

Security vendor uncovers what could be the most technologically advanced encryptor thus far.

Kaspersky Lab has uncovered a type of encrypting ransomware that attempts to hide its malicious nature.

Dubbed “Onion,” because it uses the anonymous network Tor (the Onion Router) to make it hard to track, it encrypts user data and then demands ransom for decryption.

Kaspersky Lab senior malware analyst, Fedor Sinitsyn, said the malware demonstrates how Tor has become a proven tool and is being implemented into other types of malware.

“The Onion malware features technical improvements on previously seen cases where Tor functions were used in malicious campaigns,” he said.

This new malware, which uses a countdown mechanism to scare victims into paying for decryption in Bitcoins, is described by Sinitsyn as the potential successor to Cryptolocker.

Users affected by the ransomware are warned to pay up within a 72-hour deadline or all the files will be lost forever.

The new normal

The Onion transfers secret data and payment information with command and control servers within an anonymous network.

Sinitsyn said this kind of communication architecture existed in the past, though it was limited to banking malware families such as the Tor-enhance 64-bit ZeuS.

Read more: Beware of Wi-Fi when using E-tax: Bitdefender

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals,” he said.

“The use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server.”

Sinitsyn said these characteristics add up to a “highly dangerous threat,” as well as one of the “most technologically advanced encryptors” in existence today.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.

Read More:

2015 State of The IT Channel Survey : IT'S TIME!!! Fill in this year's State of the IT Channel Survey and be in the running to win great prizes. CLICK HERE

Join the ARN newsletter!

Error: Please check your email address.

Tags zeussecurityCryptolockerransomwaremalwarekaspersky lab

More about IDGIDG CommunicationsIDG CommunicationsIDG CommunicationsIDG CommunicationsKasperskyKaspersky

ARN Directory | Distributors relevant to this article

ARN Directory | Vendors relevant to this article

 

Latest News

03:44PM
Dimension Data to bring Tour de France to billions cycling of fans
02:14PM
Aria Technologies’ wraps up national roadshow tour
11:06AM
Microsoft Azure available for WA customers via Express Route
11:02AM
Acer appointed to WA Government computing and mobile panel
More News
25 Mar
2015 International Women's Day Sydney Luncheon
26 Mar
Navigating the Internet of Things Summit
26 Mar
Navigating the Internet of Things Summit
22 Apr
2015 Innotribe Startup Challenge
View all events