1 of 2
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

OnyonLock Ransomware

OnyonLock is one of the ransomware infections that encrypt file but do not lock the computer screen. The OnyonLock ransomware encrypts a huge range of files, except for .exe Internet browsers. Upon encrypting .jpg, .doc, .ppt, and tens and hundreds of other files, the OnyonLock ransomware adds its extension .onyon to the existing one. Photos and other valuable information becomes inaccessible, unless you have a copy of your files backed up in a storage device or a cloud. In any case, it is important to remove the infection from the computer to prevent new malicious downloads and data losses.

Typically, a ransomware infection locks the screen and displays a full-screen ransom warning in which the victim is informed about changes made on the computer. The latest ransomware threats lack the feature locking the screen. Instead, the infections creates a file with a ransom warning on the desktop or in some other location. The OnyonLock malware creates several ransom files in different directories, which is probably done to boost the chances for the victim to open one of the files featuring the ransom warning. The file is named "!#_DECRYPT_#!.inf" and is open in the notebook.

The attackers' message gives detailed information about the encryption made on the computer. Victims are informed that all their files are encrypted and that the encrypted files can been restored after paying a certain amount of money. The release fee depends on how quickly victims react and contact the attackers at decrypter@onyon.su. According to the ransom message, after receiving the money, they will send the user a decryption program. To guarantee that they are serious about the deal, they offer the victim to decrypt up to 3 files for free if the total size of the files has is smaller than 10 MB. Another important condition is that those files should not contain valuable information, which probably means that the victim should not provide files containing usernames, passwords, or some other identifiable information. Our advice is to ignore such attackers' claims as there are little chance that some crooks would bother to decrypt your files. Their major goal is to swindle you out of your money without mercy.

As to paying the ransom, the hackers use a electronic currency called bitcoins, which can be bought online on different websites at similar exchange rates. We advise you against spending money on this hoax as your investment in some decryption software is likely to be useless. Not all ransomware developers are capable of providing decryption keys or utilities, but their ability to create a destructive product has already brought huge profits. Instead of risking losing a possibly high sum of money, back up your data and take action to prevent similar issues in the future.

Those computer users who are not familiar with this type of malware may think that such cases should be treated seriously. The attackers threaten that by using third-party decryption software the user may permanently lose valuable data, which openly implies that the user is supposed to trust the ransom message blindly and follow the instructions given. Our expert advice is to remove the infection and shield the system from other ransomware infections so that you do not have to deal with online privacy-related issues in the future.

An unprotected operating system can get infected any time, and this is usually done without the user's knowledge and consent. Such infections as the OnyonLock ransomware are installed silently alongside freeware or retrieved by malware downloaders. The longer you keep the computer unprotected, the bigger the risk.

Fortunately, the removal of the OnyonLock ransomware does not require professional knowledge about malware. An inexperienced user can remove the OnyonLock malware manually as it is enough to delete several malicious files. However, the infection can be disguised as a regular file, which makes identification slightly complicated. The downside to removing the infection manually is that we cannot specify the exact name of the malicious files, so you delete files at your own risk. In case you do not want to try removing OnyonLock manually, use our recommended security program.

How to remove OnyonLock ransomware

  1. Delete all the files named !#_DECRYPT_#!.inf.
  2. Remove all recently downloaded files from the Desktop, Downloads, and Temp folders.
  3. Empty the Recycle bin.
Download Spyware Removal Tool to Remove* OnyonLock Ransomware
  • Quick & tested solution for OnyonLock Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.