Ranion Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 71
First Seen: February 7, 2017
Last Seen: October 4, 2020
OS(es) Affected: Windows

The Ranion Ransomware is a ransomware Trojan that is distributed online as part of a RaaS (Ransomware as a Service) offering. The Ranion Ransomware RaaS was first observed on the Dark Web in February 2017, offering the Ranion Ransomware and a distribution service to con artists for a very low price. The people responsible for the Ranion Ransomware RaaS claim that it was created for educational purposes only. However, the Ranion Ransomware is being sold to con artists for subscriptions of 0.95 Bitcoin per year or 0.6 Bitcoin for six months, which shows an apparent intent to distribute the Ranion Ransomware and carry out ransomware attacks on computer users. When purchasing the Ranion Ransomware service, the con artists receive the Ranion Ransomware's executable already configured to work on both 32-bit and 64-bit Windows operating systems, as well as a panel that is hosted by the controllers of TOR.

How the Ranion Ransomware Attacks a Computer

When the Ranion Ransomware runs on the victim's computer, it encrypts the victim's files, searching for files that match the file types listed in the Ranion Ransomware's configuration. The Ranion Ransomware searches for files on all drives connected to the infected computer and uses AES-256 encryption to make the affected files inaccessible. The Ranion Ransomware creates a README file on the victim's Desktop, with several versions in different languages (PC security analysts have already observed ransom notes generated in English, Russian, German, French, Spanish and Italian). The Ranion Ransomware will also display a pop-up message every time the infected computer starts up. The Ranion Ransomware will target the following file types:

.txt, .rtf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .ods, .jpg, .jpeg, .png, .bmp, .csv, .sql, .mdb, .db, .accdb, .sln, .php, .jsp, .asp, .aspx, .html, .htm, .xml, .psd, .cs, .java, .cpp, .cc, .cxx, .zip, .pst, .ost, .pab, .oab, .msg.

The people responsible for the Ranion Ransomware attack claim that they will add more file types to the Ranion Ransomware's configuration files depending on customer demand. According to these people, the Ranion Ransomware can evade 90% of the anti-virus products on the market.

The Ranion Ransomware Employs an Unusual Payment Model

Most RaaS services make their money by taking a percentage of all the ransom payments, anywhere from twenty to sixty percent of the profits. The Ranion Ransomware RaaS does not generate profits this way, which may make it more attractive to con artists looking to carry out these attacks. However, this has led some people to question whether the Ranion Ransomware is a hoax. To help counteract these rumors, the Ranion Ransomware RaaS allows customers to test it before paying for it.

The Ranion Ransomware and Other RaaS Services

These RaaS services may allow computer users to access dashboards that enable them to receive information about infected computers and ransom payments. There are several ways in which con artists can customize the Ranion Ransomware. All contact is done via email. Buyers are instructed to email the Ranion Ransomware's creators and to list the details of their desired ransomware attack. Once the email has gone through, the customers will receive a link to their control panel and a link where the customized Ranion Ransomware executable can be downloaded. They will also be able to download a decryptor, which they would send to the victims to unlock the affected files.

RaaS services like the Ranion Ransomware are becoming increasingly popular. One of the dangers of these services is that they make these attacks increasingly easy for fraudsters to carry out. No technical knowledge is required to carry out these attacks any longer, only access to the RaaS service and the money to purchase a subscription to the Ranion Ransomware or another RaaS service. RaaS services indicate that ransomware will continue to become more common, making it essential for computer users to protect their files with a reliable security program and use file backups.

The latest version of this RaaS threat that was released is the Ranion 1.08 Ransomware, observed by PC security researchers in the last week of February 2018. The Ranion 1.08 Ransomware is nearly identical to previous versions of Ranion but has been associated with new email addresses for contact and a distribution network that includes unsafe advertising.

The Ranion 1.08 Ransomware marks the files it encrypts by adding the file extension '.Ransom' to them. This threat delivers its ransom note in the form of an HTA program window that demands a ransom payment of 999 USD using Bitcoin. The Ranion 1.08 Ransomware will deliver its ransom note in multiple languages, which include German, Dutch, Italian, Russian, Farsi, English and Spanish.

Like other Ranion variants, the Ranion 1.08 Ransomware will encrypt user-generated files, which include media files and a wide variety of other file types. While Ranion itself is fairly widespread, the Ranion 1.08 Ransomware variant is only a small portion of these threats. Since the Ranion 1.08 Ransomware is not significantly widespread, PC security researchers strongly advise computer users to refrain from following its creators' instructions or paying any ransom associated with the Ranion 1.08 Ransomware Trojan.
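
For incident triage, the targeted file-type list and the '.Ransom' marker described above can be combined into a scoping check over a file listing, showing which directories hold marked files and which still hold untouched files of the targeted types. The following Python is an added example, not code from the original page or from any security product; it assumes the marker is appended after the original extension, and the function names and sample paths are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File types this page lists as Ranion targets.
TARGETED = frozenset("""
.txt .rtf .doc .docx .xls .xlsx .ppt .pptx .odt .ods .jpg .jpeg .png .bmp
.csv .sql .mdb .db .accdb .sln .php .jsp .asp .aspx .html .htm .xml .psd
.cs .java .cpp .cc .cxx .zip .pst .ost .pab .oab .msg
""".split())
MARKER = ".ransom"  # '.Ransom' suffix reported for Ranion 1.08, matched case-insensitively


def classify(path: str) -> str:
    """Label one path as 'encrypted', 'marker-only', 'intact' or 'other'."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    if suffixes and suffixes[-1] == MARKER:
        # Assumption: the marker is appended, so the original type precedes it.
        if len(suffixes) > 1 and suffixes[-2] in TARGETED:
            return "encrypted"
        return "marker-only"  # marked, but original type unknown or not listed
    if suffixes and suffixes[-1] in TARGETED:
        return "intact"  # targeted type that has not been marked
    return "other"


def scope(paths):
    """Count, per directory, how many files fall into each class."""
    summary = defaultdict(
        lambda: {"encrypted": 0, "marker-only": 0, "intact": 0, "other": 0})
    for p in paths:
        summary[str(PureWindowsPath(p).parent)][classify(p)] += 1
    return dict(summary)


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.Ransom",
    r"C:\Users\alice\Documents\notes.txt.RANSOM",
    r"C:\Users\alice\Documents\tool.exe",
    r"C:\Users\alice\Desktop\photo.Ransom",
    r"D:\Share\report.docx",
    r"D:\Share\archive.tar.gz",
]

if __name__ == "__main__":
    for directory, counts in sorted(scope(SAMPLE).items()):
        print(directory, counts)
```

Directories that report both 'encrypted' and 'intact' counts are the ones to check first when deciding what to restore from backup.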

File System Details

Ranion Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe 447af103027bb7cfa1c09538b38a6007 0
2. file.exe 72a1669e4c402bc24795badf7557f889 0
3. 7bfe6671f4db73e4953e423c8e296473 7bfe6671f4db73e4953e423c8e296473 0