The ransomware gangs targeting companies and organizations are getting crueler every day. A recently discovered ransomware operation named Onyx destroys large files on the target system instead of encrypting them. This makes the large files practically unrecoverable even if the demanded ransom is paid to the gang members.
Files larger than 200 MB are destroyed.
The gang might ask for a second ransom, since it holds the only copies of the larger files.
The gang extracts data from the victim organizations, then proceeds to encrypt files. The data is then used to demand money by threatening to release it publicly if the organization does not pay. The encrypted files are a second threat to the victim. However, files larger than 200 MB are immediately overwritten during the encryption process, rather than simply being encrypted so that they can be decrypted after payment.
According to MalwareHunterTeam’s research, the malware that Onyx uses destroys the large files intentionally; this is not the result of a simple but destructive bug in its code. The team warns companies not to pay ransom to the Onyx gang, since they will not be able to decrypt the large files. The gang will most likely ask for a second ransom for the larger files, which it stole at the beginning of the process.