The new OphionLocker ransomware malware agent is described in the following links:

Last August, we wrote about a series of ransomware that included SynoLocker and CryptoWall. In our CryptoWall post, we briefly mentioned the more advanced ransomware family CTB-Locker, which uses elliptic curve cryptography for file encryption and Tor for communication with its command & control server.

This week, another ransomware emerged using the same kind of cryptography for encryption. It was first spotted by Trojan7Malware in a malvertising campaign that used the RIG exploit kit. They dubbed the malware OphionLocker.

Upon infection, the malware directs the victim to a Tor2web URL with instructions on how to send the payment and obtain the decryptor tool. Here is the message that is shown to the user after encryption:

Entering the HWID will display the ransom message, which asks for 1 BTC (Bitcoin).