Remove OnyonLock Ransomware And Restore Encrypted Files

Remove OnyonLock Ransomware And Restore Encrypted Files
Rate this post

OnyonLock Ransomware

OnyonLock Ransomware is a complex cyber threat which has strike number of computer recently. This nasty ransomware first came in the attention of security researchers on May 2017. this file encoding threat is also considered as a latest variant of the infamous BTCWare ransomware. Cyber criminals has created this threat for the intention of encrypting victims data and then demand huge amount of ransom in exchange of decryption. The infection report of this threat suggest that it is designed to target mostly the Windows system. To start its malicious intention the ransomware silently insert in its targeted system and immediately start its process. To make the file inaccessible it use the combination of AES and RSA crypto-graphic algorithms. It is a nightmare for those user who are not interested in creating backup because after encryption the only way to restore files are to use the unique decryption key.

OnyonLock Ransomware : How It Carry Out Its Attack?

As stated above, OnyonLock Ransomware silently invade the targeted computer to carry out its attack. Then it search for the suitable file to encrypt and you must know the ransomware can encrypt number of file types including audio or video files, images, documents and so on. Beside that it is also capable of encoding data stored on external media or network storage connected with the system. It make the condition worst by deleting the shadow volume copies and Windows restore points which can help the victim to restore data. Upon successful encryption the ransomware append an unique extension to all the files which read as .Onyon. Here you can see the file extension which the ransomware can attempt to encrypt :

The Ransom Demand Of OnyonLock Ransomware

After accomplishing the encryption process, OnyonLock Ransomware drop a ransom note on the compromised system. The ransom note is written in English but it doesn’t indicate that the threat only target English speaking user. The ransom note can be read as !#_DECRYPT_#!.inf which contain message which inform user about the file encryption and instruction about decryption. According to the message of ransom note user have to send a mail on decrypter@onyon.su if they want to restore the files. In order to convince user it also claim to decrypt three files for free. Beside that it also warn the victim to do not modify the encrypted files or use any third party software otherwise they can face permanent data loss. Here you can see text written in the ransom note :


Best Way To Deal With OnyonLock Ransomware

As recommended by expert the best way to deal with such threat is to create a backup of your important files. If you have backup available then you don’t need any decryption key to restore the files. Users are not encouraged to contact the criminals even they don’t have backup available. Because the criminals will demand you to pay a certain amount of money in exchange of the decryptor. There is no guarantee that you will get the decryptor even you have pay the ransom. You can use some recovery program to get back your files. In addition, you must remove OnyonLock Ransomware because it may again encrypt your files and bring more threats.

Removal Instructions of OnyonLock Ransomware

If you are also suffering from the ransomware and want to get rid of it then don’t worry. With the help of these manual removal steps you can remove it from your PC.

Step 1 : Boot your system in Safe Mode with Networking

  • Click on Start menu then Shutdown button.
  • Then click on Restart and click OK.
  • Start pressing F8 button once system become active.
  • It launch Advanced Boot Options window.
  • Select Safe Mode with Networking and press enter.

Step 2 : Remove Malicious Entries From registry

  • Press Windows + R button at once.
  • It will bring the Run Box on screen.
  • Type “regedit” to start the Windows registry.
  • Search for ransomware related entries.
  • Click on Disable option, to remove them.

Step 3 : Remove suspicious files from control panel

  • Close all the programs and select control panel.
  • Choose uninstall a program option.
  • You will get all the installed program.
  • Find out program related to Ransomware .
  • Click on Uninstall option to remove them.

Threats like ransomware create number of files in different location and removing it manually is tricky. So if you want complete removal at once then use the Free-scanner.

User Guide For Free Scanner Tool

Posted in Ransomware and tagged , , , , , , , , .

Willi is an active member, who dedicate his work to help our readers. So that they can fix all kind Windows problems along with viruses, malwares or spywares etc. He is also a co-author of Howtoremovemalwarepc.com, he likes to write more about Ransomware categorized virus and their characteristics.

Leave a Reply

Your email address will not be published. Required fields are marked *