![]() Files of all common types can be encrypted, including the following: In addition to the fact that Ooii virus does not matter where the files are located, it also does not matter what type of files they are. If at the time of the ransomware attack a disk was connected to the computer, then all the files on it can be encrypted. It makes no difference where the files are located, on a hard drive or cloud storage. All other files on the victim’s computer will be encrypted. Therefore, it skips and does not encrypt Windows system files as well as files with the name ‘_readme.txt’. Ooii does not encrypt absolutely all files, as it will cause the computer to stop working. And most importantly, the security researchers have found a way to determine this key. ![]() In some cases, when the virus cannot establish a connection to its command server (C&C), it uses the so-called ‘offline key’. This key is unique for each victim, therefore it excludes the possibility of using the same key to decrypt files on different computers. ![]() ![]() The virus uses a long key to encrypt files. It encrypts files using a strong encryption algorithm. Ooii ransomware is a new malware that belongs to the STOP ransomware family. Screenshot of files encrypted by Ooii virus (‘.ooii’ file extension) QUICK LINKS
0 Comments
Leave a Reply. |