Don’t expect to get your data back from the Onyx ransomware group
2022-04-29 15:00

The group behind the Onyx operation is overwriting the data in affected files with trash data rather than encrypting it, so the data cannot be recovered via a decryption key.

"There's a big problem: as the ransomware they are using is a trash skidware, it's destroying a part of the victims' files," analysts at the Malware Hunter Team wrote in a tweet.

"Like all ransomware attacks, there are no guarantees that an inflicted organization will be able to reconstitute its data even when the attacker provides a 'right' decryption key or prevent further related concerns," Fattah told The Register.

If a ransomware operation gains a reputation for not decrypting files after a payment is made, victims may be less likely to pay the ransom.

Two years ago, ransomware groups like Conti and Maze began publishing some data even if the ransom was paid, and Boyd noted that by 2021, only 8 percent of ransomware victims were getting their data returned.

The ransomware environment is even more unpredictable, with ransomware-as-a-service enabling less-skilled bad actors to launch sophisticated ransomware attacks and affiliates essentially acting on their own with little regard for what the main group intends.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/29/onyx-ransomware-destroy-files/