Oonn ransomware removal

Oonn ransomware is part of the Djvu/STOP ransomware family. It’s file-encrypting malware that adds the .oonn file extension to all affected files.


Oonn ransoware noteOonn ransomware is malware that will encrypt files and take them for hostage. It belongs to the Djvu ransomware family, which already has hundreds of versions. Most of them are more or less the same, and we have already reported on other members of this family, including Kuus, Nile, Kook and Erif ransomware.

The ransomware will encrypt files, add the .oonn file extension (e.g. image.jpg.oonn) and drop the _readme.txt ransom note. Users will not be able to open the files affected by this ransomware, and the only way to decrypt them would be to use a specific decryptor. The note will demand that victims pay $980, or $490 if contact is made within 72 hours, for the decryption tool. However, paying does not guarantee file decryption as there are no guarantees that the cyber crooks behind this malware will send one. Even if they do send one, it will not necessarily work properly. Thus, paying the ransom is never recommended.

If users have backup, they can access it and start recovering files as soon as they remove Oonn ransomware. If the ransomware is still present when backup is connected, backed up files may become encrypted as well.

Ransomware distribution

Ransomware is mostly distributed via spam emails, torrent sites, and fake update notifications. Unless someone is targeted specifically, it’s not difficult to avoid getting infected, as long as users are aware of what they should look out for.

Spreading ransomware via emails is very low-effort and still effective. Cyber criminals purchase email addresses from old data breaches and launch a malicious email campaign that distributes the ransomware. The emails are made to appear like they’re important, with senders claiming to be from known companies and organizations in order to pressure users into opening the malicious attachment. Though spam emails are usually a very poor attempt to appear legitimate, as they contain loads of grammar and spelling mistakes. They are also usually sent from nonsense email addresses that do not look professional in the least. Overall, users should always look for signs of an unsolicited email being malicious. Furthermore, it’s always a good idea to scan email attachments with anti-malware software or VirusTotal before opening them.

Torrent sites are also full of all kinds of malicious software because they’re not properly regulated, meaning anyone can upload anything. Malware is particularly often disguised as a torrent for a popular movie, TV series, game, software, etc. Users who are less careful can easily pick up malware by simply downloading torrents. This is one of the reasons why downloading pirated content is discouraged, in addition to it being essentially stealing.

Users should also know that malware can enter via vulnerabilities on a system. Known vulnerabilities are patched by updates, which are released on a regular basis. Installing them on a timely manner is important as that could stop malware from gaining access to the system. Users should consider enabling automatic updates whenever possible.

Is it possible to decrypt Oonn ransomware files

The ransomware targets files like photos, videos, documents, etc., mostly files that users usually find important. It encrypts them and adds the .oonn file extension, hence why this malware is known as Oonn ransomware. Once files are encrypted, users will not be able to open them. A ransom note _readme.txt will be dropped, and it will explain to victims that files have been encrypted and how to recover them. The note requests that users contact them via helpmanager@mail.ch or restoremanager@airmail.cc with their IDs which are displayed in the ransom note. Victims are asked to buy the decryption software for $980, or $490 if they make contact within 72 hours.

Here is the full ransom note:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

While it may seem like a good idea to pay the ransom, it’s never recommended. There have been numerous cases in the past where malware operators simply took the money but did not send anything in return.

Older versions of Djvu ransomware have a free decryption tool, released by malware researchers. Users can find more information here. Unfortunately, more recent versions remain undecryptable.

Backup is one of the most effective ways to fight ransomware, as having copies of files makes paying the ransom unnecessary. Users should regularly back up all important files in order to avoid losing them in cases like this.

Oonn ransomware removal

Users should use anti-malware software to delete Oonn ransomware, as that is a serious infection that can be difficult to get rid of. We cannot recommend users try to uninstall Oonn ransomware manually, as that could lead to even more problems. Once the ransomware is no longer present on the computer, users can start file recovery via backup.