
Random6 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 63
First Seen: July 6, 2017
Last Seen: January 18, 2023
OS(es) Affected: Windows

The Random6 Ransomware is a ransomware Trojan that PC security researchers reported on June 29, 2017. The Random6 Ransomware may be delivered to victims through corrupted email attachments, which use macros to install the Random6 Ransomware onto the victim's computer. The Random6 Ransomware does not seem to belong to a larger family of ransomware and is probably the work of independent threat developers. The Random6 Ransomware poses a significant risk to computer users' data, and PC security analysts counsel computer users to protect their data with file backups and a reliable security application.

There's Nothing Random about the Random6 Ransomware Attack

Some of the content associated with the Random6 Ransomware will use the string 'johnnie,' which has led to the Random6 Ransomware also being referred to as the 'Johnnie Ransomware.' The name Random6 Ransomware comes from the fact that the Random6 Ransomware will mark the files affected by its attack with a new file extension made up of six random characters, such as the following (which have been linked to variants of the Random6 Ransomware):

  • .llawex
  • .dkdfln
  • .pmxkab
  • .upzbrf

The Random6 Ransomware scrambles the affected files' names and encrypts their contents using a strong encryption algorithm, making it nearly impossible to recover the files encrypted in the Random6 Ransomware infection. It targets user-generated files, which may include audio, video, images, various types of documents, databases, etc. Once the Random6 Ransomware encrypts a file, it will no longer be recoverable. The Random6 Ransomware's executable file also is named with random characters (nine random characters, to be specific). The Random6 Ransomware displays a ransom notification in the form of a text file dropped on the infected computer's desktop. After encrypting the victim's files, the Random6 Ransomware removes all traces of itself from the victim's computer (probably to prevent PC security researchers from studying the Random6 Ransomware's code).

The Ordinary Ransom Note Displayed by the Random6 Ransomware

The main purpose of the Random6 Ransomware attack is to demand a ransom payment from the victim. The Random6 Ransomware's ransom note takes the form of a text file named 'RESTORE-.[random 6-character extension used to mark the victim's files]-FILES.txt,' which contains the following message:

'Your files are Encrypted!
For decryption send letter on email filesrestore@tutanota.com in letter attach your Personal ID.
If email don't works, register here: http://bitmsg.me, send letter to BM-NBazWh9xNVf2SgmvLv8pc3Uc9CCXtXMu
With your Personal ID and email for contacts.
After you send payment to given BTC adress in answer, you will get your files restored.
Your Personal ID:
[128 RANDOM CHARACTERS]'
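The two file-system indicators described above (a 'RESTORE-.<ext>-FILES.txt' note and files renamed with a six-letter extension) can be checked against a directory listing. The following triage script is an added example, not code from the original page; the sample listing, the allowlist of legitimate six-letter extensions and the `min_hits` threshold are constructed assumptions.

```python
import re
from collections import Counter

# Six-letter extensions the page links to known Random6 variants.
KNOWN_RANDOM6_EXTENSIONS = {"llawex", "dkdfln", "pmxkab", "upzbrf"}
# Ransom note name described on the page: RESTORE-.<six chars>-FILES.txt
NOTE_RE = re.compile(r"^RESTORE-\.([a-z]{6})-FILES\.txt$", re.IGNORECASE)
# Encrypted files carry a new extension of six random (lowercase) characters.
RANDOM6_EXT_RE = re.compile(r"^[a-z]{6}$")
# Assumed allowlist of legitimate six-letter extensions to limit false positives.
ALLOWLIST = {"sqlite", "config", "gradle", "plugin"}


def triage_random6(file_names, min_hits=5):
    """Triage file paths (e.g. a directory listing) for Random6 indicators.
    An extension is suspicious when a ransom note names it, when it is a known
    variant extension, or when >= min_hits files share an unrecognised one."""
    note_exts = set()
    ext_counts = Counter()
    for path in file_names:
        base = path.replace("\\", "/").rsplit("/", 1)[-1]
        note = NOTE_RE.match(base)
        if note:
            note_exts.add(note.group(1).lower())
            continue
        ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
        if RANDOM6_EXT_RE.match(ext) and ext not in ALLOWLIST:
            ext_counts[ext] += 1
    suspicious = {
        ext: n for ext, n in sorted(ext_counts.items())
        if ext in note_exts or ext in KNOWN_RANDOM6_EXTENSIONS or n >= min_hits
    }
    return {
        "note_extensions": sorted(note_exts),
        "suspicious_extensions": suspicious,
        "infected": bool(note_exts or suspicious),
    }


# Constructed sample listing: a note on the desktop, three renamed files,
# two untouched files (one with a legitimate six-letter extension).
SAMPLE_LISTING = [
    r"C:\Users\alice\Desktop\RESTORE-.llawex-FILES.txt",
    r"C:\Users\alice\Documents\k2j8f0a1.llawex",
    r"C:\Users\alice\Documents\zq91mmp0.llawex",
    r"C:\Users\alice\Pictures\7ybb2xqd.llawex",
    r"C:\Users\alice\Documents\report.docx",
    r"C:\Users\alice\AppData\Local\app.sqlite",
]

if __name__ == "__main__":
    print(triage_random6(SAMPLE_LISTING))
```

On a real host, feed the function the output of a recursive listing of user profile directories; the note extension ties the renamed files to a specific run even when the extension is not one of the four listed variants.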

Dealing with a Random6 Ransomware Infection

Based on the sophistication of the Random6 Ransomware attack and similar ransomware Trojans uncovered previously, malware analysts suspect that it will eventually be possible to release a decryption utility, although none had been released at the time of writing. Until a decryption program is released, computer users should take steps to protect their data from threats like the Random6 Ransomware. The best defense against ransomware like the Random6 Ransomware is to have file backups of your data. If you can recover your data quickly from a Random6 Ransomware infection using a backup, the people responsible for the Random6 Ransomware attack lose their power over you, which leaves them nothing to hold for ransom. Apart from file backups, it also is necessary to have a reliable security program that can intercept the Random6 Ransomware infection and remove the Random6 Ransomware Trojan itself. The combination of a fully up-to-date security application with file backups can be very effective against the Random6 Ransomware and similar threats. Since the Random6 Ransomware may be delivered using email attachments, learning to handle email attachments and similar unwanted content safely is also an important part of dealing with the Random6 Ransomware.

Registry Details

Random6 Ransomware may create the following registry entry or registry entries:

Regexp file mask: %ALLUSERSPROFILE%\install.res.exe
