
Random6 Ransomware

Posted: July 3, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 148
First Seen: July 6, 2017
Last Seen: January 18, 2023
OS(es) Affected: Windows

The Random6 Ransomware, also identified as 'Johnnie Ransomware,' is a Trojan that locks your digital media by encrypting and renaming it. Threat actors distribute this program to extort ransoms from the victims in return for a possible decryption service. Malware experts can confirm that this Trojan is decryptable by free methods and recommend isolating or deleting the Random6 Ransomware with anti-malware tools before restoring your content.

Opening a Folder to See Randomness at Work

Conventional wisdom says that file-encrypting campaigns with clear brand identities are more likely to persuade their victims into performing the 'desired' action, like paying a ransom without qualms. Some threat actors are happy to use a different philosophy in their attacks, however, like the newly identified Random6 Ransomware. The Trojan takes its name from its most distinctive signature: a randomly selected string of six characters that it appends to the user's files.

In attacks targeting businesses in nations such as Malaysia, the Random6 Ransomware is encoding local files with what appears to be an AES-based encryption algorithm. It also replaces the names of any files it blocks with Base64 encodings (similar to the Spectre Ransomware and the Scarab Ransomware's campaigns) and adds new extensions consisting of six random characters. The only real hint to the Random6 Ransomware's identity and purpose lies in the text messages it generates.
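A triage helper for the renaming scheme described above, added here as an example (not code from the original page or from the Trojan itself). It assumes the standard Base64 alphabet and the layout `<Base64 of original name>.<six random characters>`, neither of which the page spells out, and it recovers the original file names so that a restore from backup can be planned without touching the encrypted contents:

```python
import base64
import binascii
import os
import re
from typing import Dict, Iterable, Optional, Set

# Assumed layout of a renamed file (the page only states "Base64 name" plus a
# six-character random extension; the standard Base64 alphabet is an assumption):
#   <Base64(original file name)>.<6 random alphanumerics>
_RENAMED = re.compile(r"^(?P<stem>[A-Za-z0-9+/]+={0,2})\.(?P<ext>[A-Za-z0-9]{6})$")


def recover_original_name(name: str) -> Optional[str]:
    """Return the original file name hidden in a Random6-style renamed file,
    or None when `name` does not fit the pattern or does not decode cleanly."""
    m = _RENAMED.match(name)
    if not m or len(m.group("stem")) % 4:
        return None  # wrong shape, or a Base64 length that cannot be padded
    try:
        decoded = base64.b64decode(m.group("stem"), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Real names decode to printable text; coincidental matches decode to noise.
    if not decoded or not decoded.isprintable() or any(c in decoded for c in "\\/"):
        return None
    return decoded


def triage_names(names: Iterable[str]) -> Dict[str, object]:
    """Map each renamed file name to its recovered original and collect the
    random extensions seen (one value per listing is what a single run leaves)."""
    recovered: Dict[str, str] = {}
    extensions: Set[str] = set()
    for name in names:
        original = recover_original_name(name)
        if original is not None:
            recovered[name] = original
            extensions.add(name.rsplit(".", 1)[1])
    return {"recovered": recovered, "extensions": extensions}


def triage_directory(root: str) -> Dict[str, object]:
    """Run triage_names over every file below `root`, keyed by full path."""
    result: Dict[str, object] = {"recovered": {}, "extensions": set()}
    for dirpath, _, filenames in os.walk(root):
        part = triage_names(filenames)
        for name, original in part["recovered"].items():
            result["recovered"][os.path.join(dirpath, name)] = original
        result["extensions"] |= part["extensions"]
    return result


if __name__ == "__main__":
    # Constructed sample listing: two renamed files and one untouched file.
    sample = ["aW52b2ljZS5wZGY=.k3Xq9Z", "cGF5cm9sbC54bHN4.k3Xq9Z", "notes.txt"]
    print(triage_names(sample))
```

The printable-text and path-separator checks keep ordinary names such as `README.abcdef` from being reported, since a six-character stem cannot be valid padded Base64 and a coincidental match would decode to binary noise.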

These Notepad files give the victim a personal identification number and an e-mail address for negotiating a ransom for the decryptor, although malware experts have yet to confirm details of the transaction (such as cost or currency preferences). Since the Random6 Ransomware, despite being a corporate-targeting Trojan, is vulnerable to free decryption methods, paying the threat actors to recover any encoded files should be regarded as wholly unneeded. For similar infections without such weaknesses, remote backups are the most secure way of protecting your data.

Keeping the Dangers of Randomization Off Your PC

By default, the Random6 Ransomware uses English ransoming demands that would make it appropriate, with no serious reconfiguration, for attacking various countries around the world, besides Malaysia. The Random6 Ransomware attacks entities that are most at risk from infection vectors such as the following:

  • The computer user may be misled into opening a corrupted attachment, such as a fake document supposedly from a delivery company or an in-office machine.
  • Threat actors also can breach company servers directly by using brute-force tools to test different password and account name combinations until they find matching login credentials. Then, they may install the Random6 Ransomware or other threats manually.

Because the symptoms of Random6 Ransomware infections are highly limited until after its encryption blocks your data, victims should practice prevention-based security steps, such as disabling macros and scanning new downloads. Many anti-malware products may remove the Random6 Ransomware as a threat automatically, before the file-blocking behavior can occur.

As a brand-new threat without ties to Trojans like the Jigsaw Ransomware or Hidden Tear, the Random6 Ransomware could offer surprises for the future. The extent of its attacks depends on the ambitions of its extortionist admins, who, hopefully, will show themselves as having poor work ethics.

Technical Details

Registry Modifications

The following newly produced Registry Values are:

Regexp file mask: %ALLUSERSPROFILE%\install.res.exe