OphionLocker Uses Next-Gen Encryption to Ransom Your Files

“Ransomware is now one of the fastest growing classes of malicious software,” according to Kaspersky Lab’s Fedor Sinitsyn. “In the last few years it has evolved from simple screen blockers demanding payments to something far more dangerous.”

The latest type of ransomware uses almost unbreakable next generation encryption software, called elliptic curve cryptography, to encrypt all data on your computer – photos, videos, documents, illustrations, databases, everything. You receive a message saying that if you want your files decrypted, you have to pay the hackers, usually in bitcoin, by a certain deadline. CryptoDefence, CryptoWall, CryptoLocker and GpCode are some examples.

OphionLocker: A Highly Complex Threat

A new family of even deadlier encryptors was discovered by Kaspersky Lab at the end of June. What sets them apart is that the cybercriminals use the TOR anonymity network to cloak their command and control servers, and use a highly complex and unorthodox cryptographic algorithm to ensnare their prey. Critroni was the first one, but Trojan7Malware discovered another last week, dubbed OphionLocker.

How It Works

Hackers launch a malvertising campaign – dropping infected ads in regular ad networks. When you click an infected ad, or let it load in your browser, OphionLocker is activated. It contains an RIG exploit kit malware preloaded with exploits for different web browsers and plugins. The kit cycles through the exploits until one works, poisoning your computer. According to F-Secure, you get a message like this:


Many text files also pop up demanding the ransom. If you want your files back, you have to pay the hackers one bitcoin (about $350) within three days. To do so, you have to visit the mentioned URL hosted on the TOR network:


‘HWID’ stands for hardware identification, a unique number OphionLocker generates per infected computer. Victims pay for the decryption keys. Once you make the purchase and enter the keys, your files are restored.

Protecting Yourself:

Preventing OphionLocker is easier when you have a capable antivirus, like Kaspersky’s CryptoMalware Countermeasures. Also, remember to update your browser with the latest security patches to reduce the chances that the RIG exploit kit will deploy. Defeating OphionLocker, however, is difficult since it comes with a preloaded public key, allowing file encryption to even if there’s no internet connection. Once you make the payment, OphionLocker generates the corresponding private decryption keys (server side) and sends them to you.

  • Bilal Iqbal

    Is it paid… ???

    • ScarletCrimson

      Do you even read the article bro? (No seriously!)

      • Bilal Iqbal

        It read it carefully.. and in the last..it was suggested to use kespersky solution to avoid.. research was also conducted by them. That’s why i asked because such types of articles are used to promote certain products… understand?????

        • ScarletCrimson

          In your original comment you wrote: “Is it paid… ???”

          You actually have to be more specific, as “it” actually covers a lot of things.

          • Bilal Iqbal

            Actually i was talking about article.. i know it would be a guest author post…but the content was some what informational and marketing related .. therefore i said “is IT PAID”. Just for fun..but peple rushed over it…thx for suggession :)

    • Muhammad Aamir

      Does it matter? No way!! If you want to read the article, read, otherwise leave :D

    • None

      Nops, its free to get infected – :P

      • Bilal Iqbal

        It must be mentioned… to determine about content.

      • Bilal Iqbal

        And paid to get rid ;)

  • Guest

    Simply! Use Ad Block Plus to avoid Ransomware, if it really comes from the ads.

  • Muhammad Ashraf

    The problem is viruses are developed by anti virus firms in order to keep their business running, despite the fact that antivirus software comes with heuristic analyzer since decade which scans the behavior of every program runs in order to protect possible virus even when anti virus files are not available for that particular virus but the feature so called heuristic analyzer has failed to blocked any new virus.

  • Tauheed Essa

    My browsers(chrome, mozilla, opera) open random sites automatically without even touching the keyboard and mouse. I have installed avast internet security registered in my name, I have reinstalled the browsers, did a full virus scan but problem is still there. Any help?