BleepingComputer reports that the novel Onyx ransomware operation, which has already listed six victims on its data leak site, has been focused on destroying, rather than encrypting, large files, to avert potential file decryption in the event victims pay demanded ransoms.
While Onyx exfiltrates data from targeted networks and runs double-extortion attacks like other ransomware gangs, MalwareHunterTeam observed that its ransomware overwrites files larger than 200MB with random junk data instead of encrypting them.
MalwareHunterTeam examined the Onyx ransomware's source code and noted that the behavior is intentional: files above the size cutoff are overwritten with random data rather than encrypted, so no decryptor, including one supplied by the gang after payment, can restore them. Paying the ransom would therefore only allow organizations hit by Onyx to recover their smaller files. According to MalwareHunterTeam, the findings should prompt Onyx victims not to pay the demanded ransom.
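The following is an added, scaled-down model of the behavior described above, written for this page and not taken from Onyx or from MalwareHunterTeam's analysis. It models two code paths, a reversible encryption of files at or below a size threshold and a junk overwrite of files above it, and then shows what a responder can conclude: a decryptor with the correct key restores the small file, while nothing can restore the large one, because its bytes on disk are unrelated to the original. The 200MB cutoff is the one reported for Onyx; the toy SHA-256 keystream, the function names and the sample file contents are assumptions of the example.

```python
"""Model of the reported Onyx behavior: files up to a size threshold are
encrypted (reversible with the key), files above it are overwritten with
random bytes (irreversible). Example code written for this page, not Onyx's
code; the 200 MB cutoff is the reported one, everything else is assumed."""
import hashlib
import os

REPORTED_THRESHOLD = 200 * 1024 * 1024  # 200 MB, as reported for Onyx


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (stand-in for a real cipher)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(out[:length])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt_file(name: str, data: bytes, key: bytes) -> bytes:
    """Reversible path: per-file nonce derived from the name, output same length as input."""
    nonce = hashlib.sha256(b"nonce" + name.encode()).digest()[:16]
    return _xor(data, _keystream(key, nonce, len(data)))


def decrypt_file(name: str, payload: bytes, key: bytes) -> bytes:
    """XOR with the same keystream undoes encrypt_file."""
    return encrypt_file(name, payload, key)


def attack(files: dict, key: bytes, threshold: int = REPORTED_THRESHOLD) -> dict:
    """Model of the two code paths: encrypt at or below the threshold, destroy above it."""
    damaged = {}
    for name, data in files.items():
        if len(data) > threshold:
            # Junk overwrite: no key relates these bytes to the original file.
            damaged[name] = os.urandom(len(data))
        else:
            damaged[name] = encrypt_file(name, data, key)
    return damaged


def triage(damaged: dict, threshold: int = REPORTED_THRESHOLD):
    """What a responder can say from sizes alone: which files a decryptor could ever restore."""
    recoverable = sorted(n for n, p in damaged.items() if len(p) <= threshold)
    destroyed = sorted(n for n, p in damaged.items() if len(p) > threshold)
    return recoverable, destroyed


def attempt_recovery(damaged: dict, key: bytes, original_sha256: dict) -> dict:
    """Run the decryptor over everything; keep only output that verifies against known hashes."""
    restored = {}
    for name, payload in damaged.items():
        plain = decrypt_file(name, payload, key)
        if hashlib.sha256(plain).hexdigest() == original_sha256[name]:
            restored[name] = plain
    return restored


def demo(threshold: int = 200) -> dict:
    """Scaled-down run: threshold of 200 bytes instead of 200 MB so it finishes instantly."""
    # Constructed sample files, not real victim data.
    files = {
        "invoice.docx": b"small document " * 8,    # 120 bytes, at or below threshold
        "backup.vhdx": b"disk image block " * 64,  # 1088 bytes, above threshold
    }
    hashes = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
    key = os.urandom(32)  # the attacker's key, handed over after "payment" in the model
    damaged = attack(files, key, threshold)
    recoverable, destroyed = triage(damaged, threshold)
    restored = attempt_recovery(damaged, key, hashes)
    return {
        "recoverable": recoverable,
        "destroyed": destroyed,
        "restored": sorted(restored),
        "invoice_intact": restored.get("invoice.docx") == files["invoice.docx"],
    }


if __name__ == "__main__":
    print(demo())
```

The triage step uses only file sizes, which is all a responder has before any key is available; the recovery step then confirms that even with the correct key the large file stays unrecoverable, which is the reason the advice above is not to pay.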