What is Oori ransomware

Oori ransomware, also known as .oori virus, is file-encrypting malware from the Djvu/STOP ransomware family. The moment it is initiated on a computer, the ransomware starts encrypting your personal files. The extension .oori will be added to all encrypted files. Unless you use a specific decryptor beforehand, you will not be able open files that have this extension. But obtaining the decryptor is a difficult endeavor given that the only people who have it are the hackers operating this ransomware. They will try to sell you the decryptor for $980, but it is not recommended to buy it or even get in touch with the hackers for the reasons we shall discuss below.


Oori ransomware note

How did Oori ransomware enter your computer?

Malware infections are often a result of users pirating copyrighted content using torrents. It is well known that torrent websites are frequently poorly moderated, which enables malicious actors to post torrents containing malware. Malware is typically found in torrents for popular content. For instance, malware is frequently found in torrents for movies, TV shows, video games, software, etc., especially if the content was only recently released. We strongly advise against using torrents to pirate. Not only is it effectively content theft, but it’s also potentially harmful to your data/computer.

Email is another common tool used by malware distributors. Leaked email addresses are widely available on hacker sites, which criminals buy by the thousands. Senders of malicious emails frequently pretend to be representatives of well-known companies and claim to be sending an important document that needs to be urgently reviewed. Because people often react more urgently when it comes to money, malicious emails are often about financial matters. However, the emails are typically very obvious. Grammar and spelling mistakes are frequently the biggest giveaway in these emails. When senders identify themselves as representatives of legitimate companies but their emails are riddled with errors, something is clearly off. The way an email addresses users can also reveal whether it is malicious. Malicious emails always address users with “User”, “Customer”, “Member”, etc. You would be addressed by name if you received an email from someone whose attachment you would need to open.

It’s a good idea to always check unsolicited email attachments with VirusTotal or anti-malware software before opening them. If malicious actors have access to personal information, some spam emails may be significantly more sophisticated. This typically happens when a specific person is a target and malicious actors put more time and effort into deceiving their victims.

What does Oori ransomware do?

Your personal files will immediately start to be encrypted as soon as ransomware is initiated. It will mainly target personal files that customers are most willing to pay for, such as photos, videos, images, documents, etc. The extension .oori will be added to all encrypted files. An encrypted text.txt file, for instance, would become text.txt.oori. Without first using a unique decryptor, files with this extension cannot be opened. Unfortunately, according to the _readme.txt ransom note, paying a ransom to get a decryptor is required. The note mentions a 50% discount for users who get in touch with the cyber crooks during the first 72 hours, but the standard price is $980. It’s debatable whether the discount part is true or not, but we do not advise paying the ransom or engaging with cybercriminals in any way. Remember that you are dealing with cybercriminals, who won’t feel obligated to assist you even if you pay.

You shouldn’t have any problems with file recovery if you have a backup. However, it’s essential that you use anti-malware software to first remove Oori ransomware from your computer. Do not try to remove Oori ransomware manually because you could end up causing more damage.

It will be more challenging to recover files if you don’t have a backup. A free Oori ransomware decryptor might be made available in the future, but you won’t find one at this time. It will be challenging for malware researchers to create it because this ransomware uses online keys to encrypt files. This means that each victim has a unique key that’s necessary to decrypt files. However, it’s not impossible that the cybercriminals themselves would eventually release the keys.

How to remove Oori ransomware

If you are unsure of how to remove Oori ransomware manually, do not even try. Use an anti-malware program. If you’re not careful, you can end up doing more harm to your computer if you try manual Oori ransomware removal. Additionally, if you connect to your backup after failing to completely remove the Oori ransomware, your backed-up files would also be encrypted. Therefore, you need to use anti-malware software to delete Oori ransomware. Once the ransomware is fully gone, it’s safe to connect to your backup.

Oori ransomware is detected as:

  • Win32:PWSX-gen [Trj] by AVG/Avast
  • A Variant Of Generik.CRBDESR by ESET
  • UDS:Trojan-Ransom.Win32.Stop.gen by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Packed-GDD!1DA4DDE8A489 by McAfee
  • Trojan:Win32/DllCheck.A!MSR by Microsoft


Oori ransomware note