Blog

Tricky Ransomware Encrypts Small Data But Overwrites Large Data

May 28, 2022 | Blog

The MalwareHunterTeam recently discovered a new ransomware operation that is particularly nasty.  Called Onyx, outwardly, the operation does what most ransomware campaigns do.  It gets inside a corporate network, exfiltrates the data that it wants, then seems to encrypt the rest, and then threatens to release the files to the broader public unless their demands for payment are met.

An additional fee is demanded to unlock the encrypted files, but there’s a catch in this instance.

Any file larger than 2MB in size is deleted and then overwritten before encryption to make it appear that the file is still intact.  Unfortunately, when victims pay the fee to have their files decrypted, they discover that the file is garbage and the actual file they wanted has been deleted.

This is not a flaw in the malicious code but rather an intentional design decision. It is implemented to inflict maximal pain on companies that fall victim to their attack.

The discovery was only recently made. So it’s quite likely that at least some companies have paid the demanded ransom in hopes of getting their files back, only to have those hopes dashed.

Given this fact, if you are hit with an Onyx attack, don’t pay the ransom.  It won’t do you any good, except where your smaller files are concerned.  Your only hope is to restore those files from backup, and you certainly don’t need to pay the ransom to do that.

Malware attacks in general and particularly ransomware attacks are an unfortunate part of corporate life these days.  Whether due to poor planning, faulty backups, or something else, some companies feel the need to pay the ransom and get on with the business of their business. However, in this case, the Onyx campaign proves that there is no honor among thieves.  Be careful out there.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech