If you suddenly get a small dialog box saying “All your personal files as been encrypted,” then it is likely that your PC has been infected with Oxar Ransomware. Removing this program is highly recommended because complying with its demands to pay a ransom will get you nowhere. Indeed, its creators might not give you the promised decryption key, so your files can remain encrypted indefinitely. In this article, we will discuss this program’s distribution methods, functionality, and removal. So if you have been affected by this malware, then please continue reading.
Oxar Ransomware is yet another ransomware that belongs to the Hidden-Tear ransomware family. We have observed that the family's developers release new programs regularly and have been doing so for nearly a year now. During this time, the developers have managed to release dozens of ransomware-type programs, including, but not limited to, Unikey Ransomware, Resurrection Ransomware, and Decryption Assistant Ransomware. Unfortunately, there seems to be no end in sight, because new versions based on Hidden-Tear Ransomware are bound to appear once Oxar Ransomware has expired.
For the time being, however, this ransomware is alive and kicking. We think that it is currently being actively distributed and can get onto your PC by stealth. Like its predecessors, it is distributed using malicious emails that can be disguised as legitimate. The emails can masquerade as invoices, receipts, and the like to trick you into opening a zipped file that contains this ransomware’s executable. The executable can be named Data_Locker.exe, but the name can be randomized, as that name may appear suspicious to more wary users. If you open the file without downloading it first, then it will be dropped in the %TEMP% folder, but if you download it first, then it will be dropped wherever you point all of your downloads to. If you run the executable file, then it will start encrypting your files immediately.
Oxar Ransomware can encrypt many file types, including .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, and many others. Its developers have configured it to encrypt them with an AES encryption algorithm that creates unique encryption and decryption keys for each unique user. The decryption key is not stored locally, however, but sent to a remote server. It is also worth mentioning that this ransomware adds an additional file extension ".OXR" after the original extension. Once the encryption is complete, this ransomware opens a window with a ransom note and instructions on how to pay. Its developers want you to send 100 USD worth of Bitcoin their way in exchange for a decryption key. You have to specify your Client ID as well as your email address to receive the decryption key. However, the problem is that you may never receive this key because the cyber criminals might not send it to you. Whatever the case may be, your files might also not be worth the money, so you should consider deleting this ransomware instead of complying with its demands.
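The two indicators described above, the appended ".OXR" extension and an executable named Data_Locker.exe, can be used to see how far the damage has spread before cleanup. The following Python script is an added example, not part of the original article or of any vendor tool; its function names and the constructed sample folder are assumptions for illustration, and it only reads file names without changing anything.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".oxr"               # extension the article says is appended
DROPPER_NAME = "data_locker.exe"  # name the article reports; it may be randomized


def scan(root):
    """Walk root and return (encrypted_files, dropper_candidates) as sorted lists."""
    encrypted, droppers = [], []
    # onerror swallows unreadable folders so one access error does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                encrypted.append(Path(dirpath) / name)
            elif lower == DROPPER_NAME:
                droppers.append(Path(dirpath) / name)
    return sorted(encrypted), sorted(droppers)


def original_types(encrypted):
    """Count the extension that precedes .OXR, e.g. report.docx.OXR -> .docx."""
    return Counter(Path(p.stem).suffix.lower() or "(none)" for p in encrypted)


def demo():
    """Scan a constructed sample tree (not real infection data) and return results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Documents").mkdir()
        (root / "Temp").mkdir()
        for rel in ("Documents/report.docx.OXR", "Documents/photo.jpg.oxr",
                    "Documents/notes.txt", "Temp/Data_Locker.exe"):
            (root / rel).write_bytes(b"constructed sample")
        encrypted, droppers = scan(root)
        return ([p.name for p in encrypted], [p.name for p in droppers],
                dict(original_types(encrypted)))


if __name__ == "__main__":
    names, droppers, by_type = demo()
    print("Files carrying the .OXR extension:", names)
    print("Possible dropper executables:", droppers)
    print("Original file types affected:", by_type)
```

To check a real machine, call `scan()` on a user profile or downloads folder instead of the sample tree. Because the executable name can be randomized, an empty dropper list does not mean the file is absent.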
If your PC has become infected with Oxar Ransomware, then you should consider your options because the reality is that this program’s creators do not care whether you get your files back or not, so paying the ransom is a risk. Whether you pay or not, you have to delete the ransomware anyway. You can use an anti-malware program such as SpyHunter or make use of the manual removal guide featured below.