Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Slow internet connection
  • Connects to the internet without permission
  • Can't be uninstalled via Control Panel

Onyx Ransomware

According to our specialists, the creators of a malicious program called Onyx Ransomware are probably targeting users who speak the Georgian language. The presented ransom note is written in Georgian, and it claims that the malware encrypted user’s files. Thus, the infections creators demand you to pay a ransom. However, there is no need to pay any attention to such requirements as the threat does not encrypt even a single file. As it appears to be, the malicious application only locks your screen. Fortunately, the removal process should not be too complicated too, so you can get rid of the malware and use the computer just like before. The deletion instructions are placed below this text, but if you need more information about Onyx Ransomware, you could keep reading the article.

The malicious program might have been distributed through Spam emails. Even though the attached data could be an infected .exe file with a random title, it may not look so dangerous to the user. Nevertheless, you should take extra precautions when you receive files with Spam emails or if such data comes from an unknown source. For example, the text might state that the attached invoice is related to your latest purchases online, but the sender’s address might seem unrelated to the e-shop. It might look like a small detail, but in some cases, it is worth to be more careful and check the facts. Onyx Ransomware is not as harmful as other malicious programs from the same category, because unlike this threat, there are ransomware applications, which can actually encrypt user’s data.

However, as you launch the infected file, Onyx Ransomware locks your screen by placing a back window with a text in green letters. Below the text there is a picture of a character from an animated movie called Spirited Away; the character is known as Kaonashi or No-Face. If the malware would not block the Task Manager, you could use it to kill the malicious process and unlock the screen. Therefore, it might seem like it is impossible to close this window, but you can actually get rid of it by just restarting the system. It seems the threat does not create any entries in the Windows Registry to make the malware restart with the system, so if you do not launch the infected executable file again, the window should not appear after a reboot.

What’s more, we have a reason to suspect that the threat could be still updated and released again later on. At first, it may seem like the malware’s creators are trying to trick their victims by demanding to pay a ransom for a decryption tool when there is nothing to decrypt. There are such malicious programs, but in this case, the infection seems more like a first version released just to test it. As you may have noticed, the ransom note states the time limit, the sum, and the currency you have to pay with, but it does not specify the account in which you should transfer the money or how to contact Onyx Ransomware’s creators.

In other words, you could not pay the ransom even if you wanted to, so the only thing left to do is erase this threat from the system. As the instructions placed below shows, all you need to do is restart the computer and the window with ransom note should disappear. Then, it is important to find the malicious executable file that you may have downloaded from email. If you remember how it was titled or where it was saved, the task will be quite easy. Our specialists say the name could be random as the one they tested was called ScreenLocker.exe. If you do not remember where the file was saved simply take a look at the instructions; they will list a couple of possible directories. Also, if you have any questions related to the malware, you could write a comment here or send a message through social media.

Remove Onyx Ransomware

  1. Restart the computer.
  2. Locate the malicious executable file (e.g. it could be saved on the Desktop or in the Downloads and Temporary Files folders).
  3. Right-click the infected file and select Delete.
  4. Empty the Recycle bin.
Download Spyware Removal Tool to Remove* Onyx Ransomware
  • Quick & tested solution for Onyx Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.