A new form of ransomware that uses anonymous network connections and bitcoin demands has been detected.
According to research by Kaspersky, the “Onion” ransomware uses The Onion Router (TOR) connections to make it harder to trace criminal activity and seize malicious control servers. The company claimed that the malware is being sold on underground forums and has attracted international attention. Kaspersky said that it expects further infections in other regions, especially in the US, UK and others that have proven to be good “markets” for ransomware.
It works by silently encrypting a user’s documents and then uploading key-related data to its control server via TOR. It then displays a warning with a 72-hour countdown for payment by Bitcoin.