To do this, the victim must send them a small file to one of the email addresses specified in the ‘_readme.txt’ file. Attackers offer victims to verify that encrypted files can be decrypted. The size of the ransom is $980, but if the victim is ready to pay the ransom within 72 hours, then its size is halved to $490. That is, criminals demand a ransom for unlocking the victim’s files. This message says that all files on the computer are encrypted and the only way to decrypt them is to buy a key and a decryptor from the authors of the Ooxa ransomware. An example of the contents of this file is given below.
The file contains a message from the Ooxa authors. In every directory where there is at least one encrypted file, the virus places a file named ‘_readme.txt’. ooxa extension will be added at the end of its name. Each file that has been encrypted will be renamed, the. For example, the following file types may be the target of ransomware attack: The remaining files located on the victim’s computer can be encrypted. sys and files with the name ‘_readme.txt’.
ANY PDF TO DWG CONVERTER BAY WINDOWS
It skips without encryption: files located in the Windows system directories, files with the extension. Ooxa has the ability to encrypt files on all drives connected to the computer: internal hard drives, flash USB disks, network storage, and so on. The virus tries to encrypt as many files as possible, for this it only encrypts the first 154kb of the contents of each file and thus significantly speeds up the encryption process. The Ooxa ransomware encrypts files using a strong encryption algorithm and a key (‘offline key’ or ‘online key’, as described above). If the virus could not establish a connection with its command server, then it uses a fixed key (the so-called ‘offline key’). If the connection has been established, then it sends information about the infected computer to the server, and in response receives the encryption key (the so-called ‘online key’) and additional commands and malware that must be executed on the victim’s computer. The virus collects information about the victim’s computer and then tries to establish a connection with its command server (C&C). Upon execution, Ooxa creates a folder in the Windows system directory where it places a copy of itself and changes some Windows settings so that it starts up every time the computer is restarted or turned on.
ANY PDF TO DWG CONVERTER BAY DOWNLOAD
It is spread by websites offering to download freeware, key generators, Windows/Office activators, hacked software, torrents and so on. Ooxa ransomware is a version of the STOP (Djvu) ransomware. Screenshot of files encrypted by Ooxa virus (‘.ooxa’ file extension) QUICK LINKS
0 kommentar(er)
