OnyxLocker Ransomware Removal Guide

Do you know what OnyxLocker Ransomware is?

OnyxLocker Ransomware is a threat aimed at Russian-speaking users, since the message it displays is written in Russian only. Like most ransomware applications, it encrypts files and shows a note demanding that the victim get in touch with the malware’s creators and pay a ransom. Based on the ransom note that our tested sample dropped, it looks like the threat’s developers want to receive a payment of $100. However, they ask for the sum to be paid in Bitcoin, which is usually the case as it helps hackers remain anonymous. Of course, we recommend against doing what hackers may ask of you because there is a chance that you could be scammed. For instance, hackers might not hold up their end of the deal or might demand more money. No matter what you decide to do with your encrypted files, we recommend erasing OnyxLocker Ransomware with the removal guide placed below or a reputable antimalware tool. To learn more about the malware and its deletion, you should read the rest of this article.

While it is not known for sure how OnyxLocker Ransomware is spread, our researchers say that it could be distributed through spam emails, unsecured Remote Desktop Protocol (RDP) connections, and questionable file-sharing web pages. Thus, we advise you to keep away from data that comes from unreliable sources and to get rid of your machine’s vulnerabilities, such as unsecured RDP connections. If you often open lots of files from various sources, and sometimes you cannot tell whether they are malicious or not, we recommend getting a reputable antimalware tool. After installing it, you could scan questionable files, whether they are received via email or downloaded from the Internet, with the chosen tool to learn if it is safe to open them.

If OnyxLocker Ransomware gets launched, it should search for files that it could encrypt in the %USERPROFILE% subfolders called Desktop, Documents, Pictures, Music, and Videos. Also, the malware targets data in the %APPDATA% folder. Our cybersecurity specialists say that the infection targets a wide range of different file types. Thus, it is fortunate that it encrypts data only in the mentioned locations. After encryption, locked files should receive the .onx extension; for example, a file called oranges.jpg would become oranges.jpg.onx. Also, at the end of the encryption process, OnyxLocker Ransomware should create ransom notes called Прочти меня! (in English, the title says “Read me!”). Plus, each of these ransom notes should have a number, for example, Прочти меня! 0, Прочти меня! 1, etc.
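To see how far the encryption reached before cleaning up, the locations and names described above can be inventoried with a short read-only script. This is an added example, not part of the original guide; the function names are our own, and it assumes the note files start with the exact title Прочти меня! followed by their number.

```python
import os
import unicodedata
from pathlib import Path

ENCRYPTED_EXT = ".onx"  # extension the article says locked files receive
# Ransom note name from the article; notes are numbered ("Прочти меня! 0", ...)
NOTE_PREFIX = unicodedata.normalize("NFC", "Прочти меня!")
USER_SUBFOLDERS = ("Desktop", "Documents", "Pictures", "Music", "Videos")


def default_roots(env=os.environ):
    """Folders the article lists as encryption targets, built from env vars."""
    roots = []
    if env.get("USERPROFILE"):
        roots += [Path(env["USERPROFILE"]) / sub for sub in USER_SUBFOLDERS]
    if env.get("APPDATA"):
        roots.append(Path(env["APPDATA"]))
    return roots


def scan(roots):
    """Return ([(locked_path, original_name)], [ransom_note_path]) under roots."""
    encrypted, notes = [], []
    for root in roots:
        # Missing or unreadable folders are skipped instead of aborting the scan
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                path = Path(dirpath) / name
                # Compare in NFC so a decomposed "й" still matches the prefix
                if unicodedata.normalize("NFC", name).startswith(NOTE_PREFIX):
                    notes.append(path)
                elif name.lower().endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                    # oranges.jpg.onx -> oranges.jpg, for matching against backups
                    encrypted.append((path, name[: -len(ENCRYPTED_EXT)]))
    return sorted(encrypted), sorted(notes)


if __name__ == "__main__":
    locked, ransom_notes = scan(default_roots())
    for path, original in locked:
        print(f"LOCKED  {path}  (was {original})")
    for path in ransom_notes:
        print(f"NOTE    {path}")
    print(f"{len(locked)} locked file(s), {len(ransom_notes)} ransom note(s)")
```

The script only lists files and changes nothing; the recovered original names can be compared against a backup to decide what needs restoring.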

The text inside the described ransom notes should be written in Russian. It ought to explain why the user cannot open data marked with the .onx extension and how they can restore it by contacting OnyxLocker Ransomware’s developers and paying a ransom. As said earlier, dealing with hackers is dangerous and might end badly, which is why we do not recommend it. What we advise is deleting OnyxLocker Ransomware from your machine. If you think you can do this, you could erase it manually while using the removal guide placed below. Alternatively, you could get a reputable antimalware tool that would get rid of the threat for you.

Erase OnyxLocker Ransomware

  1. Restart your computer in Safe Mode with Networking.
  2. Press Windows Key+E.
  3. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
  4. Find the suspicious file that was opened before your machine got infected, right-click the malicious file, and select Delete.
  5. Right-click files named Прочти меня! and press Delete to get rid of them.
  6. Exit File Explorer.
  7. Empty Recycle bin.
  8. Restart the computer.

In non-techie terms:

OnyxLocker Ransomware encrypts files mostly in the %USERPROFILE% and %APPDATA% folders or their subfolders. The threat was designed to do this so that the hackers behind it could hold your files hostage and then demand a ransom in exchange for the tools needed to decrypt them. While it is true that the creators of this particular threat might be the only ones who could restore your encrypted files, there are no guarantees that they will do so or will provide you with the needed decryption tools. Therefore, you should think carefully about whether it would be wise to trust these people. If you do not think so, we encourage you to ignore their demands. Also, we recommend deleting OnyxLocker Ransomware because leaving it unattended could still put your system at risk. If you decide to do so, we can offer our removal guide available above, or you could employ a reputable antimalware tool that could erase the threat for you.