The new OphionLocker ransomware malware agent is described in following links:

http://trojan7malware.blogspot.co.uk/2014/12/ophionlocker-new-ransomware-on-scene.html

https://www.f-secure.com/weblog/archives/00002777.html

Last August, we wrote about a series of ransomware families that included SynoLocker and CryptoWall. In our CryptoWall post, we briefly mentioned a more advanced family, CTB-Locker, which uses elliptic curve cryptography for file encryption and Tor for communication with its command & control server.

This week, another ransomware family emerged that uses the same kind of cryptography for encryption. It was first spotted by Trojan7Malware in a malvertising campaign that used the RIG exploit kit. They dubbed the malware OphionLocker.

Upon infection, the malware directs the victim to a Tor2web URL with instructions on how to send the payment and obtain the decryptor tool. The page shown to the user after encryption asks for the HWID; entering the HWID displays the ransom message, which asks for 1 BTC (Bitcoin).