
Onion: The new ransomware that is even harder to stop

The Internet just became more treacherous with the news that ransomware has taken on an even more dangerous guise.


Kaspersky Lab has uncovered a new version of the notorious malware, known as “Onion”, which uses the Tor network "to hide its malicious nature, and to make it hard to track those behind this ongoing malware campaign".

Onion is a successor to the Cryptolocker ransomware that wreaked havoc across the world, as users infected by the malware were asked to hand over hundreds of pounds in the form of the virtual currency Bitcoin.

The new malware, which currently only affects Windows PCs, encrypts files in the same way as Cryptolocker and starts a similar countdown that lasts for 72 hours, after which all the files are deleted forever if a ransom isn’t paid.

Originating in Russia, it differs from Cryptolocker as the cybercriminals are using Tor to change the way it communicates with the “command and control” server that accepts payment and releases the decryption codes required to access the files.

“Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server,” stated Fedor Sinitsyn, senior malware analyst at Kaspersky, according to The Guardian. "All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there."

Security researchers are worried that the protection afforded by Tor gives Onion a step up on Cryptolocker and makes it a far greater threat than its older sibling.


Onion isn’t the first piece of malware to use Tor as a layer of protection: the Zeus malware that attacked banking infrastructure was able to do so back in 2013. The way the security industry handles Onion will be critical to Tor’s future use by cybercriminals.

Jamie Hinks
