F-Secure reports that a new piece of ransomware named OphionLocker is being distributed via ad networks. First spotted by Trojan7Malware, OphionLocker encrypts a user's files before demanding a ransom of 1 BTC and directing them to smu743glzfrxsqcl.onion via tor2web.org for further instructions.
Once infected, OphionLocker prompts users with a warning which states:
Your important files you have on this computer have been encrypted : photos, videos, document, etc.
In order to recover these files you have to go to :
http://smu743glzfrxsqcl.tor2web.org/ and buy the key to decrypt all your files.
From now on you have 72 hours to pay or the key will be permanently deleted from our server and you won't EVER get your files back. Please go to :
http://smu743glzfrxsqcl.tor2web.org/ to see the procedure.
You can find this text on your desktop and document folders.