Oxar Ransomware

What is Oxar Ransomware?

Our researchers have found a new ransomware called Oxar Ransomware. This malicious application is based on the Hidden-Tear project and is set to encrypt your files and then demand that you pay a ransom for a decryption tool/key to get them back. In short, its developers use it to extort money from you, and your files act as leverage. This program targets many file types, so many of your valuable files can become encrypted and remain that way indefinitely. Nevertheless, you may want to remove this program instead of complying with its demands because there is no guarantee that you will get the decryption tool/key once you have paid.testtesttest Please continue reading to find out more.

What does Oxar Ransomware do?

Unlike some ransomware-type malware, Oxar Ransomware does not lock the screen once it has infected your PC. However, it puts on a screen to overlay the desktop, but you can close it without difficulty. It puts on its graphical user interface (GUI) window that contains a ransom note as well as the Client ID and Bitcoin address to which you are expected to send the ransom. It also contains a line in which to enter the received decryption key.

According to our malware analysts, Oxar Ransomware is set to encrypt your files with a unique AES encryption algorithm. The ransomware generates a public encryption key and a private decryption key that have to match in order to decrypt your files. The encryption key is stored locally while the decryption key is sent to a remote server for storage. This ransomware starts encrypting files as soon as it is on your PC. It was configured to encrypt .aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, and .csv, among other file types. During the encryption process, this ransomware appends the encrypted files with an ".OXR" file extension that signifies which files have been encrypted. It does not seem to change the names of the encrypted files.

Once this ransomware has finished encrypting your files, it will load its GUI in full screen. Its creators want you to pay a 100 USD-worth of Bitcoins and send them to 16Vs1Z2yrYBM49GpipN3yz1WaMSYS8xm16. However, there is no guarantee that the developers will keep their word and send you the decryption key, so you should not trust them at all.

Where does Oxar Ransomware come from?

As mentioned in the introduction, Oxar Ransomware is based on the Hidden-Tear Ransomware project, so it is similar to Unikey Ransomware, MoWare H.F.D Ransomware, Executioner Ransomware, and several other programs. Their developers release new versions regularly to ensure a steady stream of ransom payments.

Researchers have concluded that Oxar Ransomware is distributed through malicious emails that spam the inboxes of unsuspecting users. The main executable file is attached to the email that can be disguised as anything from an invoice to a tax return form. The file can be zipped as well, and if you open it, then its temporary copy will be placed in the %TEMP% folder and remain there. Researchers say that Data_Locker.exe is a file that is associated with this ransomware and they think that it can be the name of its main executable. Now that you know all there is to know about it, you should take action against this malicious program.

How do I remove Oxar Ransomware?

We hope you found this short description insightful and now that paying the ransom is a risk because its creators might not keep their word and give you the decryption key once you have paid. Therefore, we advocate for the safe removal of Oxar Ransomware using an anti-malware program or the manual removal guide featured below. Keep in mind that the location and name of the malicious file can vary, so detecting it can be tricky. If you cannot find the ransomware, then use SpyHunter’s free scanner to detect it.

Removal Guide

  1. Press Windows+E keys.
  2. In the File Explorer’s address box, typethe following file paths.
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
    • %TEMP%
  3. Press Enter.
  4. Identify the ransomware’s executable (e.g. Data_Locker.exe)
  5. Right-click it and click Delete. 100% FREE spyware scan and
    tested removal of Oxar Ransomware*

Leave a Comment

Enter the numbers in the box to the right *