Aurora, also known as Animus and OneKeyLocker, is ransomware that was first observed at the end of May 2018.
Like other ransomware, Aurora is distributed via malicious spam email attachments. When a user executes Aurora, it encrypts their files and appends either the .Aurora or .desu extension to them. Files may also be renamed to the hexadecimal code of the original filename.
A text file is saved to the user’s desktop containing a ransom note demanding payment in Bitcoin. At the time of publication, there is no publicly available tool to decrypt affected files.
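The extensions and renaming behaviour described above can be used to triage a file listing from an affected host. The following is an added example, not part of the original advisory; it assumes the hexadecimal rename is the hex form of the filename's UTF-8 bytes, and the function names and sample paths are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions named in the advisory; compared case-insensitively.
AURORA_EXTENSIONS = {".aurora", ".desu"}
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")


def decode_hex_stem(stem):
    """Return the original name if `stem` is hex for printable UTF-8 text, else None.

    Assumption: the renaming is the hex form of the filename's UTF-8 bytes.
    """
    if not HEX_RE.fullmatch(stem):
        return None
    try:
        name = bytes.fromhex(stem).decode("utf-8")
    except UnicodeDecodeError:
        return None
    return name if name.isprintable() else None


def triage(paths):
    """Return (path, original_name_or_None) for each path with an Aurora extension."""
    hits = []
    for path in paths:
        p = PureWindowsPath(path)
        if p.suffix.lower() in AURORA_EXTENSIONS:
            hits.append((path, decode_hex_stem(p.stem)))
    return hits


# Constructed sample listing (not taken from a real incident).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\7265706F72742E646F6378.Aurora",  # hex of "report.docx"
    r"C:\Users\alice\Documents\budget.xlsx.desu",               # extension appended only
    r"C:\Users\alice\Pictures\cafe.DESU",                       # hex-looking, not UTF-8 text
    r"C:\Users\alice\Documents\notes.txt",                      # untouched file
]

if __name__ == "__main__":
    for path, original in triage(SAMPLE_LISTING):
        print(f"{path} -> original name: {original or 'unknown'}")
```

A recovered original name helps match encrypted files against backups; it does not decrypt anything.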
Indicators of Compromise
File hashes (SHA-256):
File hashes (MD5):
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.