A new family of ransomware, dubbed ONI, has been discovered being used as a wiper to cover up an elaborate hacking operation in targeted attacks against Japanese companies.
The name ONI, can mean “devil” in Japanese, and it also appears in the email address found in its ransom note. Attacks observed by Cybereason suggest that the malware lives up to its name. They generally to date have lasted between three to nine months, and all ended with an attempt to encrypt hundreds of machines at once. Aside from encrypting files on the infected machines, ONI can encrypt files on removable media and network drives—and there’s evidence that the true purpose of the attack is to exfiltrate and destroy data.
To read the entire article, please click here.