The recently discovered OphionLocker ransomware caught researchers’ attention with its efficiency: it uses advanced cryptography and Tor to collect Bitcoin ransoms.
OphionLocker is a typical ransomware that locks your files and demands a ransom in order to unlock them. The ransom amount is usually one Bitcoin, although it may vary depending on the country.
Malware researchers have found that OphionLocker uses Crypto++ Elliptic Curve Cryptography to encrypt data. Once in your system, it will display the following message: ‘From now on you have 72 hours to pay or the key will be permanently deleted from our server and you won’t EVER get your files back.’
And, in order to make it harder to track, OphionLocker delivers its payment instructions via a Tor2web URL.
According to the KnowBe4 blog, after OphionLocker enters your system, ‘it will generate a unique hardware ID based on the serial number of the first hard drive, the motherboard’s serial number, and other information. It will then contact the malware’s Control & Command server via TOR site and check if this particular hardware ID has been encrypted already. When you go to the ransomware site, it will prompt you to enter your hardware ID. Once entered it will display the amount of ransom you are required to pay and provide a Bitcoin address that you should send the payment to.’
Thankfully, KnowBe4 has discovered that OphionLocker is not yet capable of deleting your files, which makes it possible to recover them after you remove the ransomware from your system. However, Trojan7Malware reported that public keys are ‘pre-packed’ within the ransomware, meaning the encryption can start even without an Internet connection.
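The reason a pre-packed public key lets encryption proceed offline is the basic asymmetry of public-key cryptography: producing ciphertext needs only the public half, while recovering the plaintext needs the private half that never leaves the operator’s server. The following is an added example (not OphionLocker’s code, and not taken from KnowBe4 or Trojan7Malware) of the generic ECIES-style hybrid construction that this kind of scheme relies on, written in Go with the standard library: an ephemeral ECDH agreement against an embedded P-256 public key, a SHA-256 KDF, and AES-GCM for the data. The curve, KDF and cipher are assumptions for illustration; the page only says that elliptic curve cryptography from Crypto++ is used. It operates on an in-memory byte string, and its point for defenders is visible in the function signatures: `EncryptWithPublicKey` takes only the public key, `DecryptWithPrivateKey` fails with any other key, so once such encryption has run the practical recovery paths are offline backups and the file-retention gap the article notes, not cryptanalysis.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pubKeyLen is the length of an uncompressed P-256 point as produced by
// ecdh.PublicKey.Bytes().
const pubKeyLen = 65

// GenerateKeyHolderKey makes the long-lived key pair. In the model the article
// describes only the public half is embedded in the client; the private half
// stays with whoever holds the server. (Illustrative; curve is an assumption.)
func GenerateKeyHolderKey() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// deriveKey turns the ECDH shared secret into a 32-byte AES key.
// SHA-256 over the raw secret is a minimal KDF chosen for illustration.
func deriveKey(shared []byte) []byte {
	k := sha256.Sum256(shared)
	return k[:]
}

// EncryptWithPublicKey needs nothing but the embedded public key, which is why
// this step can run with no network connection at all. A fresh ephemeral key is
// generated per message, a shared secret is agreed with the embedded public key,
// and the data is sealed with AES-GCM.
// Output layout: ephemeral public key || nonce || ciphertext+tag.
func EncryptWithPublicKey(holderPub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(holderPub)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(deriveKey(shared))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append([]byte{}, eph.PublicKey().Bytes()...)
	out = append(out, nonce...)
	return gcm.Seal(out, nonce, plaintext, nil), nil
}

// DecryptWithPrivateKey is the step only the private-key holder can perform:
// without that key the ECDH secret, and so the AES key, cannot be recovered
// from the blob. A wrong key yields a different AES key and GCM rejects the tag.
func DecryptWithPrivateKey(holderPriv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	const nonceLen, tagLen = 12, 16
	if len(blob) < pubKeyLen+nonceLen+tagLen {
		return nil, errors.New("ciphertext too short")
	}
	ephPub, err := ecdh.P256().NewPublicKey(blob[:pubKeyLen])
	if err != nil {
		return nil, err
	}
	shared, err := holderPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(deriveKey(shared))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := blob[pubKeyLen : pubKeyLen+nonceLen]
	return gcm.Open(nil, nonce, blob[pubKeyLen+nonceLen:], nil)
}

func main() {
	holder, err := GenerateKeyHolderKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample input standing in for a document's bytes.
	data := []byte("constructed sample document contents")
	blob, err := EncryptWithPublicKey(holder.PublicKey(), data) // public key only
	if err != nil {
		panic(err)
	}
	back, err := DecryptWithPrivateKey(holder, blob)
	fmt.Printf("round trip with the right private key: %v\n", err == nil && string(back) == string(data))
	other, _ := GenerateKeyHolderKey()
	_, err = DecryptWithPrivateKey(other, blob)
	fmt.Printf("any other private key is rejected: %v\n", err != nil)
}
```

Run it with `go run`; the two printed checks show the asymmetry the article’s ‘pre-packed public key’ remark depends on. A real deployment would use a proper KDF such as HKDF with context binding rather than bare SHA-256, but the key-management property is the same.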