Ranion Ransomware
Threat Scorecard
Threat Level: | 100 % (High) |
Infected Computers: | 71 |
First Seen: | February 7, 2017 |
Last Seen: | October 4, 2020 |
OS(es) Affected: | Windows |
The Ranion Ransomware is a ransomware Trojan that is being distributed online as part of a RaaS (Ransomware as a Service) offering. The Ranion Ransomware RaaS was first observed on the Dark Web in February 2017, offering the Ranion Ransomware and a distribution service to con artists for a very low price. The people responsible for the Ranion Ransomware RaaS claim that it was created for educational purposes only. However, the Ranion Ransomware is being sold to con artists for subscriptions of 0.95 Bitcoin per year or 0.6 Bitcoin for six months, so there is an apparent intent to distribute the Ranion Ransomware and carry out ransomware attacks on computer users. When purchasing the Ranion Ransomware service, the con artists receive the Ranion Ransomware's executable, already configured to work on both 32-bit and 64-bit Windows operating systems, as well as a panel that is hosted by the controllers of TOR.
How the Ranion Ransomware Attacks a Computer
When the Ranion Ransomware runs on the victim's computer, it encrypts the victim's files, searching for files that match the file types listed in the Ranion Ransomware's configuration. The Ranion Ransomware searches for files on all drives connected to the infected computer and uses AES-256 encryption to make the affected files inaccessible. The Ranion Ransomware creates a README file on the Desktop of the victim's computer, with several versions in different languages (PC security analysts have already observed ransom notes generated in English, Russian, German, French, Spanish and Italian). The Ranion Ransomware will also display a pop-up message every time the infected computer starts up. The Ranion Ransomware will target the following file types:
.txt, .rtf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .ods, .jpg, .jpeg, .png, .bmp, .csv, .sql, .mdb, .db, .accdb, .sln, .php, .jsp, .asp, .aspx, .html, .htm, .xml, .psd, .cs, .java, .cpp, .cc, .cxx, .zip, .pst, .ost, .pab, .oab, .msg.
The people responsible for the Ranion Ransomware attack claim that they will add more file types to the Ranion Ransomware's configuration files depending on customer demand. According to these people, the Ranion Ransomware can evade 90% of the anti-virus programs on the market.
The Ranion Ransomware Employs an Unusual Payment Model
Most RaaS services make their money by receiving a percentage of all the ransom payments, anywhere from twenty to sixty percent of the profits. The Ranion Ransomware RaaS does not generate profits this way, which may make it more attractive to con artists looking to carry out these attacks. However, this has led some people to question whether the Ranion Ransomware is a hoax. One aspect of the Ranion Ransomware that helps counteract these rumors is that customers are allowed to test the Ranion Ransomware RaaS before paying for it.
The Ranion Ransomware and Other RaaS Services
These RaaS services may allow computer users to access dashboards that enable them to receive information about infected computers and ransom payments. There are several ways in which con artists can customize the Ranion Ransomware. All contact is done via email. Buyers are instructed to email the Ranion Ransomware's creators and to list the details of their desired ransomware attack. Once the email has gone through, the customers will receive a link to their control panel and one where the customized Ranion Ransomware executable can be downloaded. They will also be able to download a decryptor, which they would send to the victims to unlock the affected files.
RaaS services like the Ranion Ransomware are becoming increasingly popular. One of the dangers of these services is that they make these attacks increasingly easy for fraudsters to carry out. No technical knowledge is required to carry out these attacks now, only access to the RaaS service and the money to purchase a subscription to the Ranion Ransomware or another RaaS service. RaaS services indicate that ransomware will continue to become more common, making it essential for computer users to protect their files with a reliable security program and use file backups.
The latest version of this RaaS threat that was released is the Ranion 1.08 Ransomware, observed by PC security researchers in the last week of February 2018. The Ranion 1.08 Ransomware is nearly identical to previous versions of Ranion but has been associated with new email addresses for contact and a distribution network that includes unsafe advertising.
The Ranion 1.08 Ransomware marks the files encrypted by its attack by adding the file extension '.Ransom' to the files affected by Ranion 1.08 Ransomware. This threat delivers its ransom note in the form of an HTA program window that demands a ransom payment of 999 USD using Bitcoin. The Ranion 1.08 Ransomware will deliver its ransom note in multiple languages, which include German, Dutch, Italian, Russian, Farsi, English and Spanish.
Like other Ranion variants, the Ranion 1.08 Ransomware will encrypt user-generated files, which include media files and a wide variety of other file types. While Ranion itself is fairly widespread, the Ranion 1.08 Ransomware variant is only a small portion of these threats. Since the Ranion 1.08 Ransomware is not significantly widespread, PC security researchers strongly advise computer users to refrain from following its creators' instructions or paying any ransom associated with the Ranion 1.08 Ransomware Trojan.
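For incident triage, the '.Ransom' marker and the targeted file-type list described above can be used to measure how far encryption has progressed in each directory and which files still need protecting or restoring from backup. The Python script below is an added example, not part of the original page or of any vendor tooling; the function names, the 0.5 flagging threshold and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".ransom"  # extension the page says Ranion 1.08 appends (compared lowercased)
# File types the page lists as targeted by Ranion.
TARGETED = set("""
.txt .rtf .doc .docx .xls .xlsx .ppt .pptx .odt .ods .jpg .jpeg .png .bmp
.csv .sql .mdb .db .accdb .sln .php .jsp .asp .aspx .html .htm .xml .psd
.cs .java .cpp .cc .cxx .zip .pst .ost .pab .oab .msg
""".split())

def classify(name):
    """Return 'encrypted', 'at_risk' or None for one file name."""
    stem, ext = os.path.splitext(name.lower())
    if ext == MARKER:
        # Count it only when the original type underneath is a targeted one.
        return "encrypted" if os.path.splitext(stem)[1] in TARGETED else None
    return "at_risk" if ext in TARGETED else None

def triage(root, threshold=0.5):
    """Return (per-directory counts, directories at or above threshold)."""
    report, flagged = {}, []
    for dirpath, _dirs, files in os.walk(root):
        counts = Counter(c for c in map(classify, files) if c)
        total = counts["encrypted"] + counts["at_risk"]
        if total == 0:
            continue
        rel = os.path.relpath(dirpath, root)
        report[rel] = dict(counts)
        if counts["encrypted"] / total >= threshold:  # threshold is an assumption
            flagged.append(rel)
    return report, sorted(flagged)

def demo():
    """Triage a constructed sample tree (file names are made up)."""
    layout = {
        "docs": ["budget.xlsx.Ransom", "notes.txt.Ransom", "plan.docx"],
        "pics": ["a.jpg", "b.png", "c.bmp.Ransom"],
        "misc": ["tool.exe", "readme.Ransom"],
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Requiring a targeted file type underneath the marker keeps unrelated files that merely end in '.Ransom' out of the count.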
File System Details
# | File Name | MD5 | Detections |
---|---|---|---|
1. | file.exe | 447af103027bb7cfa1c09538b38a6007 | 0 |
2. | file.exe | 72a1669e4c402bc24795badf7557f889 | 0 |
3. | 7bfe6671f4db73e4953e423c8e296473 | 7bfe6671f4db73e4953e423c8e296473 | 0 |

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.