Onyx ransomware does not want to encrypt your files, but to do something much worse

Ransomware has become one of the most feared computer security threats. It is a type of malware that aims to encrypt files and prevent the victim from opening documents or even starting the system. However, Onyx ransomware has an even worse goal. We are going to explain what it does and give some tips for staying protected.

Onyx ransomware does not want to encrypt your files

Ransomware has traditionally sought to encrypt files and documents on attacked systems. It affects both home users and companies. Once the attackers achieve their goal, they ask for a payment to decrypt those files. But Onyx goes further: it deletes large files, so they cannot be decrypted even after the victim pays.

Like many other ransomware operations, Onyx steals data from a network and then encrypts devices. Once this is done, the operators use a strategy that is on the rise: double extortion. It basically means that they encrypt your files, but also threaten to make them public.

But that is not all. A group of security researchers from MalwareHunterTeam has detected something worrying: Onyx ransomware not only encrypts files, but also deletes them. Specifically, it overwrites large files with random junk.

Onyx encrypts files smaller than 200 MB, such as a text document, but overwrites (essentially deletes) larger files. This is certainly a serious issue, as there is no way to decrypt those larger files. Even if the victim pays, the decryptor will only recover the smallest files.

Now, is this a bug or has it really been created for this purpose? According to the security researchers behind the discovery, it is clear from the source code that it has been developed with the goal of deleting the largest files, even if the victim pays the ransom.
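From a defender's side, the size behaviour described above can be turned into an exposure audit that lists which files on a system would not come back from a decryptor. The following Python sketch is an added example, not code from the researchers or from the malware; the names `audit` and `Exposure` are hypothetical, and it assumes 200 MB means decimal megabytes and that a file exactly at the threshold is at risk.

```python
import os
import stat
from dataclasses import dataclass, field

# 200 MB is the threshold the article reports. Reading it as decimal
# megabytes is an assumption; the article does not say MB vs MiB.
THRESHOLD_BYTES = 200 * 1000 * 1000


@dataclass
class Exposure:
    decryptable: list = field(default_factory=list)    # (path, size) below threshold
    unrecoverable: list = field(default_factory=list)  # (path, size) at/above threshold
    unreadable: list = field(default_factory=list)     # paths that could not be inspected

    @property
    def unrecoverable_bytes(self):
        return sum(size for _, size in self.unrecoverable)


def audit(root, threshold=THRESHOLD_BYTES):
    """Walk `root` and split regular files by the reported size threshold.

    A file exactly at the threshold is counted as unrecoverable: the article
    does not specify the boundary, so this takes the conservative side.
    """
    result = Exposure()
    on_error = lambda err: result.unreadable.append(err.filename)
    for dirpath, _dirs, names in os.walk(root, onerror=on_error):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)  # lstat: do not follow symlinks out of root
            except OSError:
                result.unreadable.append(path)
                continue
            if not stat.S_ISREG(info.st_mode):
                continue  # skip symlinks, sockets, device nodes
            bucket = result.unrecoverable if info.st_size >= threshold else result.decryptable
            bucket.append((path, info.st_size))
    result.unrecoverable.sort(key=lambda item: item[1], reverse=True)  # largest first
    return result


if __name__ == "__main__":
    report = audit(os.path.expanduser("~"))
    print(f"{len(report.decryptable)} files below threshold")
    print(f"{len(report.unrecoverable)} files at or above it, {report.unrecoverable_bytes} bytes")
    for path, size in report.unrecoverable[:20]:
        print(f"{size:>15,}  {path}")
```

The files in the `unrecoverable` list are the ones for which paying the ransom would change nothing, so they are the ones to account for first when assessing what an incident of this kind would cost.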

Avoid ransomware

It is essential to be protected against ransomware and avoid security problems. For this, the most important thing is common sense. Generally, this type of malware requires you to make a mistake, for example clicking on a file that arrives by e-mail or opening a document that you have downloaded from a malicious page.

But it is also important to always have security programs. A good antivirus will help you eliminate malware and detect the entry of possible malicious software that compromises your system. Windows Defender itself is a good option and even has a dedicated anti-ransomware tool, but there are many more free and paid options available online.

On the other hand, it is essential to keep systems updated at all times. This reduces the attack surface. Many security threats take advantage of vulnerabilities in an unpatched system. These flaws must be closed, and this is achieved through patches and updates.

In short, as you have seen, Onyx ransomware not only encrypts files, but also goes further and will delete files larger than 200 MB that you have on the system. It is undoubtedly a threat to be taken into account and avoided. A ransomware attack can be fast, so it leaves no room for manoeuvre.