A new Onyx ransomware operation is destroying large files instead of encrypting them, preventing those files from being decrypted even if a ransom is paid.
Last week, security researcher MalwareHunterTeam discovered that a new ransomware operation called Onyx had been launched.
Like most ransomware operations today, Onyx threat actors steal data from a network before encrypting devices. This data is then used in double extortion schemes where they threaten to publicly release the data if a ransom is not paid.

The ransomware gang has been reasonably successful so far, with six victims on their data leak page.
However, the technical functionality of the ransomware was not known until today, when MalwareHunterTeam found a sample of the encryptor.
What was found is worrying as the ransomware overwrites large files with random junk data instead of encrypting them.
As you can see from the source code below, Onyx encrypts files smaller than 200 MB. However, according to MalwareHunterTeam, Onyx overwrites any file larger than 200 MB with random data.

Since this is randomly created and unencrypted data, there is no way to decrypt files larger than 200 MB in size.
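An incident-response triage helper based on the behaviour described above, added here as an example and not code from the article or from the Onyx sample: it splits files at the reported 200 MB threshold, so anything above it is flagged as unrecoverable regardless of any decryptor, while only smaller high-entropy files are candidates a decryptor could help with. The exact byte value of the threshold, the boundary handling, the 4 KiB sample size and the entropy cut-off are assumptions.

```python
import math
import os
from collections import Counter

# Threshold reported for Onyx: files below it are encrypted, larger ones are
# overwritten with random data. Exact byte value and boundary handling are
# assumptions (200 MiB, strictly greater than).
SIZE_THRESHOLD = 200 * 1024 * 1024
SAMPLE_BYTES = 4096  # assumed: how much of each file to sample for entropy


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data` (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(size: int, head: bytes, min_entropy: float = 7.5) -> str:
    """Triage verdict for one file from its size and a sample of its content.

    'destroyed'     - over the threshold: overwritten, restore from backup
    'encrypted'     - under the threshold and high-entropy: decryptable in principle
    'likely-intact' - under the threshold and low-entropy: probably untouched
    """
    if size > SIZE_THRESHOLD:
        return "destroyed"
    if shannon_entropy(head) >= min_entropy:
        return "encrypted"
    return "likely-intact"


def triage_tree(root: str) -> dict:
    """Walk `root` and bucket every readable regular file by classify()."""
    buckets = {"destroyed": [], "encrypted": [], "likely-intact": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue  # unreadable or vanished; skip rather than abort triage
            buckets[classify(size, head)].append(path)
    return buckets
```

The entropy check is a heuristic: already-compressed or archived files are high-entropy when untouched, so the "encrypted" bucket needs a second look before planning restores.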
Even if the victim pays, the decryptor can recover only the smaller files that were actually encrypted.
According to the source code, the destructive nature of the encryption routine is intentional and not a bug. Therefore, victims are advised not to pay the ransom.