OnyonLock Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 560
Category: Trojans

Ransomware infections are nasty software programs that encrypt files and demands a ransom fee. The OnyonLock ransomware is one of digital threats that can cause lots of trouble as it is programmed to lock up tens of files, including most popular formats such as .jpg, .doc, and .exe. Unlike many other similar infections, the OnyonLock malware does not lock the screen, which means that it is still possible to get to different locations, in some of which files containing a so-called ransom message is dropped by the infection. Ransomware has become a popular cyber weapon allowing crooks to lure unsuspecting computer users into paying up considerable amounts of money. Every message, no matter in what form, asking you to send money to a questionable account so that you can regain access to your data, should be disregarded as it is likely to be a criminals' attempt to deceive you.

The OnyonLock ransomware is an infection whose damage may be not be reversed if you do not have a back-up of your data. The infection encrypts photo files, documents, and many other files, and the encrypted files get the additional extension .onyon. The only software that remains intact is Internet browsers so that victims can access the Internet and buy the currency requested. Backing up your files on a regular basis should become your habit as ransomware threats are created and launched in great numbers almost every day. Your personal data should be stored safely so that you do not lose it when dealing with a data stealing Trojan horse or a threat encrypting your data.

When it comes to a ransom message, the OnyonLock ransomware creates multiple files, named !#_DECRYPT_#!.inf, which contain instructions for the victim. The ransom message informs the user that all files are locked up, but they can be decrypted after submitting a payment. To compel the unsuspecting user to pay up, the attackers suggest decrypting up to three files the total size of which does not exceed 10 MB. Interestingly, the user should not submit files that contain valuable information, which probably means that files contains personally identifiable information should not be sent for decryption. Moreover, the message says that the encrypted files should not be renamed.

In order get the data restored, the user is asked to contact the attackers via email decrypter@onyon.su. In comparison with other ransomware infections, the OnyonLock ransomware does not provide an exact price of decryption. According to the message, the decryption fee depends on when the attackers are contacted. The attackers also warn that no third-party decryption software should be used for bypassing the payment required as this practice may lead to permanent data loss. Cyber attackers want to sound as convincing as possible, but you should not trust the message dropped by the OnyonLock ransomware. Instead, you should remove it from the computer and make sure that further Internet browsing will not end up in the installation of malware.

As to payment method, the owners of the OnyonLock ransomware want bitcoins, an untraceable digital currency that is accessible to every one and used anonymously. The user is given a link to a website selling bitcoins but is not provided with the address of the digital wallet to which the money would be sent. The odds are that the attackers have several bitcoins accounts so that they remain unidentified, which is one the characteristics of bitcoins that is, money is sent from one account to another without central managing and without identifiable details. Unfortunately, this type of currency is now becoming a currency of cyber criminals as all the latest ransomare infections offer this payment method without any options.

The OnyonLock ransomware should be removed. On top of that, the system should be protected against multiple other threats circulating on the Internet. To achieve the best results, it is advisable to use a powerful malware and spyware removal program. As the OnyonLock ransomware does not create malicious files and registry keys in the Windows Registry, it is possible to eliminate the infection manually. You can do so with the help of our removal guide, but please note that we do not take responsibility for your actions.

How to remove OnyonLock ransomware

  1. Delete all the files named !#_DECRYPT_#!.inf.
  2. Press Win+E and open the Downloads folder.
  3. Delete all questionable files.
  4. Also check the desktop for recently downloaded files that could be malicious.
Download Remover for OnyonLock Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

OnyonLock Ransomware Screenshots:

OnyonLock Ransomware
OnyonLock Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *