The first half of 2020 has seen a surge in ransomware attacks. As people continue to work from home, cybercriminals continue to find new ways to try accessing systems with weak or no security protocols and encrypt files for monetary gain.
Understanding the Oonn Ransomware
Cybersecurity researchers have identified the Oonn malware as a notorious ransomware entity that was first spotted in August 2010. It is a product of the infamous Djvu ransomware family associated with 250+ other ransomware and viruses. Some of the known ransomware variants of the family include:
Security experts note that the Djvu ransomware family uses robust encryption algorithms, including AES-256. The ransomware’s strong encryption algorithm makes it difficult to recover encrypted files without the unique decryption key.
What Does Oonn Ransomware Do?
The Oonn ransomware mainly targets essential files in a computer system, encrypts them, then informs the victim that their files have been encrypted. The developers of the Oonn ransomware then demand a ransom from the victim to get their files back.
Oonn ransomware targets files on the system, such as:
- Photos (.jpg)
- Important documents, such as .doc, .pdf, .xls, .mpg or .zip
During the encryption process, the Oonn ransomware modifies the encrypted files and adds a .oonn extension to ensure that you cannot open the file. For example, after modification, a file such as “1.jpg” will appear as “1.jpg.oonn”, “1.xls” becomes “1.xls.oonn”, and so forth.
After encrypting the files, Oonn ransomware drops a _readme.txt ransom note, which serves as the attackers’ notification to the victim. The note warns victims that they need to pay a ransom of $490/$980 in bitcoin and gives them an email contact such as [email protected] or [email protected]. These email addresses are meant to be used to reach the attackers for file decryption.
Note: Do not contact the attackers or pay the ransom. You cannot be sure that the decryption tool will work or that the attackers will not plant more malware on your PC.
Under severe circumstances, the Oonn ransomware can permanently delete a user’s files or download other malware entities into the system to continue with its activities.
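The two on-disk indicators described above (the .oonn suffix and the _readme.txt note) are enough to inventory what was hit before attempting removal or recovery. The following is an added example, not code from this article or from any vendor tool; the function names and the sample folder tree are constructed for illustration, and the scan only reads directory listings.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".oonn"   # appended to every encrypted file (from the article)
RANSOM_NOTE = "_readme.txt"  # ransom note file name (from the article)


def inventory(root):
    """Walk `root` read-only and report .oonn files and ransom notes."""
    encrypted, notes = [], []
    per_dir = Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        present = {name.lower() for name in filenames}
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]
                encrypted.append({
                    "path": os.path.join(dirpath, name),
                    "original_name": original,
                    # True when an unencrypted copy with the original name sits beside it
                    "original_present": original.lower() in present,
                })
                per_dir[dirpath] += 1
    return {"encrypted": encrypted, "notes": notes, "per_dir": dict(per_dir)}


def build_sample_tree(root):
    """Constructed sample data: empty files named like the article's examples."""
    for rel in ("Pictures/1.jpg.oonn", "Documents/1.xls.oonn", "Documents/1.xls",
                "Documents/_readme.txt", "Documents/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = inventory(tmp)
        for item in report["encrypted"]:
            print(item["path"], "->", item["original_name"])
        print("ransom notes:", report["notes"])
```

The per-directory counts show which folders to include in the backup taken before removal, and the original_present flag marks files for which a clean copy already exists.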
How Did Oonn Ransomware Get into My Computer?
Like its predecessors, the Oonn ransomware is distributed through executables. Users can download the executables from dangerous sites such as torrent sites, or receive them through spam emails containing infected attachments or links. The executables and links exploit vulnerabilities in the PC and in other programs installed on the system.
The Oonn ransomware can also be spread through other methods, such as:
- Bundled installation with shareware and freeware
- Dubious websites (web injects)
- Fake operating system updates
- Banking trojan
- Repackaged installers
Note: Despite these usual distribution methods, the Oonn ransomware is still infecting hundreds of users daily. The Djvu ransomware family releases new variants regularly and is currently the most prolific ransomware and crypto-malware on the internet.
How to Remove Oonn Ransomware
Oonn ransomware’s goal is not to corrupt the Windows system (though this might occur unintentionally) but to encrypt and lock files. It might delete itself after completing the data encryption, as other ransomware does.
However, you’ll still need to conduct an Oonn ransomware removal because:
- It might leave its traces on your system. The Djvu ransomware variants are known to distribute alongside other malware.
- It might install data-stealing elements in your browsers.
- If not removed, it might re-encrypt all recovered files.
To recover files encrypted by Oonn ransomware, you can:
- Decrypt them using a quality third-party decryption tool,
- Remove the Oonn ransomware using safe mode with networking or system restore, or
- Try data recovery using quality third-party tools.
Oonn Ransomware Removal Instructions
Here is the guide to Oonn ransomware removal:
If you decide to try the manual Oonn ransomware removal process, you risk losing your files. Oonn sometimes rejects third-party decryption tools. If it does, your files risk being permanently compromised. So, make sure you have a backup before you proceed with the removal process.
- Use a strong anti-ransomware to scan your PC for Oonn ransomware.
The algorithms used by the Oonn ransomware can bypass the functions and features of ordinary antivirus software. You will need to use a quality anti-malware program with the capability to conduct a full system scan.
Besides identifying the Oonn ransomware, the anti-malware program will detect and remove other malware entities on the PC. If you’re lucky, the anti-malware may remove Oonn. Otherwise, its algorithms often beat normal malware removal.
- Remove the Oonn ransomware using Safe Mode with Networking.
To reboot your PC to Safe Mode with Networking and restore your files:
- Press the Power button at the Windows login screen.
- Press and hold the Shift button and click Restart.
- Select Troubleshoot > Advanced > Startup Settings.
- Press Restart.
- On the Startup Settings window, select Enable Safe Mode with Command Prompt.
- On the Command Prompt window, type cd restore and press Enter.
- Then type rstrui.exe, and press Enter again.
- On the new window, click Next and select your Windows Restore point before the Oonn infiltration.
- Click Next.
After the process, click Yes to restore.
- Decrypt .Oonn files using a decryption tool.
File decrypters keep changing as criminals continue developing new malware. To decrypt the Oonn encrypted files, use Emsisoft’s decryption tool and follow the instructions below:
- Download Emsisoft’s decryptor tool from the official site and install it.
- Launch Emsisoft’s tool as an administrator.
- It will give you an option to select the files you want to decrypt. Alternatively, let Emsisoft decryptor automatically identify files that need to be decrypted.
- Click the “decrypt” button to start the decryption process.
The file decryption process may take some time. Wait until the process is complete. The decryptor tool will notify you when the procedure is completed.
- Restore files using quality data recovery tools
Quality, third-party data restoration tools can help you restore and recover your data. Depending on the tool you choose, you need to conduct a full system scan and instruct it to recover all the encrypted files.
You don’t need to allow yourself to get to the point of having to restore your data. Although most ransomware attacks come without warning, some can be avoided. To avoid ransomware and other malware infections, maintain a clean computer, avoid dubious and torrenting sites, and most importantly, perform regular PC backups. You also need to ensure that your PC is always up to date and that you have active security software to protect your PC from malware.