OnyonLock Ransomware Removal Guide

Do you know what OnyonLock Ransomware is?

OnyonLock Ransomware appears to be a troublesome file-encrypting application as it might damage not only personal files but also program data. Pictures, photos, documents and other private files you can replace with copies from removable media devices or other storages, but as for damaged software, you would have to reinstall it. Of course, the malware’s creators may offer an option that might seem to be an easier way out of the situation. However, we advise you to consider their demands very carefully. Even if you comply and pay the ransom, there are no reassurances they will bother to deliver the promised decryption tool. Meaning, there is a risk you could lose your savings not just data on the PC. Thus, we recommend erasing the infection instead of putting up with its creators’ demands. For further information and instructions continue reading the rest of the text and have a look at the removal guide placed below it.

If the threat manages to infect the device, it might start encrypting files located on it without any delay. Our researchers say the malicious application does not need to install itself as it can work right from the directory where the user downloaded and opened its launcher. During the encryption process, OnyonLock Ransomware should mark each damaged file with a specific extension called .onyon, for example, Koala.jpg.onyon, Tulips.jpg.onyon, text.docx.onyon, etc. The next step should be showing the victim ransom note. The document could be named as !#_DECRYPT_#!.inf and the malicious application may place it in every directory containing encrypted data, so there should be quite a lot of copies of it.

The ransom note explains that “All your files have been encrypted due to a security problem with your PC.” In some way, it is telling the truth because if the system was secure and you were careful enough, the device would probably not have been infected. There are a few possibilities how users could come across OnyonLock Ransomware since the malware could be distributed through Spam emails, malicious software installers, suspicious pop-ups, harmful web pages, etc. To protect the system against threats alike, we advise you to stay away from unreliable file-sharing sites and other untrustworthy sites. Plus, it would be smart to get a reputable antimalware tool that could protect the system in critical situations and help you identify harmful content.

Furthermore, the rest of the ransom note mainly explains how to contact the malware’s creators and pay the ransom. These people decided not to mention how much the ransom is; therefore, it is entirely possible they will think of it only after the victim contacts them. Needless to say, we would not advise you to do so as dealing with these cyber criminals can be risky. After you pay the ransom, they might ask to pay even more. Not to mention they may not bother to send the decryption tool. If you do not think it is smart to take such chances we encourage you not to hesitate anymore and delete OnyonLock Ransomware from your system.

The removal guide placed below can explain to you how to look for the threat’s launcher and how to get rid of it once you find this file. Unfortunately, we cannot be more accurate as the malicious file could have a random name. Cleaning the PC from malware is not an easy task, so we recommend this option only for experienced users. The other way to remove OnyonLock Ransomware is to scan the system with a legitimate antimalware tool. No need to worry if you do not have it yet as you can acquire it at any time. Once the tool is installed, start a full system scan and wait for the results. Then, review detections or just click the deletion button and all of them should be eliminated automatically.

Erase OnyonLock Ransomware from the system

  1. Press Windows Key+E.
  2. Go to the following directories:
    C:\Users\{user}\AppData\Local\Temp
    C:\Users\{user}\Desktop
    C:\Users\{user}\Downloads
  3. Find the malware’s launcher (the suspicious file you opened before the device got infected).
  4. Right-click the infected file and press Delete.
  5. Erase all !#_DECRYPT_#!.inf files.
  6. Exit File Explorer.
  7. Empty the Recycle bin.
  8. Restart the PC.

In non-techie terms:

OnyonLock Ransomware is a malicious program created for money extortion. To force victims to pay the cyber criminals ransom, the malware is programmed to encrypt personal and program data on the computer. As a result, damaged files become unusable unless you have a decryption key. The infection’s creators offer such a tool, but in exchange, they demand to make a payment. Currently, it is still unknown how much they are asking users to pay, but even if the sum looks affordable, we would advise you not to risk it since you could end up being tricked. Instead, we recommend erasing the threat with the removal guide located above or a reputable antimalware tool.