OnyxLocker Ransomware

Russian-speaking Windows users are now targeted by OnyxLocker Ransomware, a dangerous file-encrypting threat that can encrypt pretty much all of your personal files. That is the main goal because if personal files are corrupted, the attackers have the chance to make you try to get them back. What is that process? The attackers want you to believe that you can pay a ransom and get a decryptor in return, but we doubt that that is what would happen. Our malware experts have analyzed hundreds of different ransomware infections – some of which are 2048 Ransomware, SySS Ransomware, and 5ss5c Ransomware – and if we know one thing, it is that cybercriminals can make any promises to scam you. Hopefully, you have not contacted the attackers yet, and you have backups that could be used to replace your personal files. Even if that is not the case, you need to focus on the removal of OnyxLocker Ransomware. Your files will not be restored, but you will never be safe unless you delete this threat.

There are plenty of backdoors that cybercriminals can use to drop OnyxLocker Ransomware onto your operating system without your notice. They can use spam emails, bundled downloaders, vulnerabilities, other infections, fake program cracks, or social engineering scams. If they achieve success, the infection is dropped and executed instantly. Then, it starts encrypting files, and the “.onx” extension is appended to their original names to make them more noticeable. Our researchers have found that the threat encrypts files in %APPDATA%, %USERPROFILE%\Desktop, %USERPROFILE%\Documents, %USERPROFILE%\Music, %USERPROFILE%\Pictures, and %USERPROFILE%\Videos directories, and it can encrypt pretty much all personal files (e.g., those with .PDF, .DOC, .AVI, .MP3, .JPG, and .PNG extensions). Next to the encrypted files, OnyxLocker Ransomware is likely to drop a file named “Прочти меня! {0-9}.txt.” Since the threat is targeted at Russian-speaking Windows users, the message inside this file is in Russian also. Opening the file dropped by the infection is safe, but paying attention to the information that is introduced via it is dangerous. Also, note that it is the only other component – besides the launcher – that must be deleted.

The message introduced to you by OnyxLocker Ransomware informs that someone named David has encrypted all of your files, but can offer you a solution. It is suggested that if you pay the ransom of $100 in Bitcoin (you are supposed to send it to the 3LV85h9s2y5c5DLi3YiACDKaR3tytmp3Lq Bitcoin wallet) and also contact the attacker at crypt@ctemplar.com, you will have your files decrypted. There is no explanation as to how that would happen, and that is a signal that someone is duping you. Of course, if the files that were encrypted are extremely important to you, you might decide that paying $100 is not that big of a deal. Well, if you do not want to waste money, paying the ransom is not something we would recommend doing. Unfortunately, we do not think that you would get your files decrypted if you paid the ransom requested by OnyxLocker Ransomware. What else can you do? If you have backups stored outside the infected computer, you should delete the infection and then replace the corrupted files using the copies you own. Let this be a reminder that you want to have copies of all of your personal files stored someplace else because you never know what could happen to the original files.

We cannot know where exactly the launcher of OnyxLocker Ransomware file is. The manual removal guide below lists a few potential locations, but it is possible that this file is someplace else completely. Due to this, victims of this malware might have a hard time eliminating it manually. That is no problem at all, as you can install legitimate anti-malware software to have the threat erased automatically. Besides deleting OnyxLocker Ransomware, this software can also provide you with comprehensive Windows protection, which, of course, is very important if you want to evade malicious threats in the future. It is not enough to secure your system, however. It is also important that you protect your files by backing them up outside the computer and that you do not enable malware yourself. Always be cautious about the emails you open, downloaders you use, links you click, and so on.

OnyxLocker Ransomware Removal

1. Delete all versions of the Прочти меня! {0-9}.txt file.
2. Move to the Desktop and Delete any .exe files that could represent the launcher.
3. Tap Win+E keys to access Windows Explorer.
4. Enter %USERPROFILE%\Desktop into the field at the top.
5. Delete any .exe files that could represent the launcher.
6. Enter %TEMP% into the field at the top and then Delete all files and folders.
7. Empty Recycle Bin and then quickly employ a malware scanner to check your system for leftovers.