Random6 Ransomware

Posted: July 3, 2017
Threat Metric
Threat Level: 8/10
Infected PCs 87

Random6 Ransomware Description

The Random6 Ransomware, also identified as 'Johnnie Ransomware,' is a Trojan that locks your digital media by encrypting and renaming it. Threat actors distribute this program to extort ransoms from the victims in return for a possible decryption service. Malware experts can confirm that this Trojan is decryptable by free methods and recommend isolating or deleting the Random6 Ransomware with anti-malware tools before restoring your content.

Opening a Folder to See Randomness at Work

Conventional wisdom says that file-encrypting campaigns with clear brand identities are more likely to persuade their victims into performing the 'desired' action, like paying a ransom without qualms. Some threat actors are happy with using a different philosophy in their attacks, however, like the newly identified Random6 Ransomware. The Trojan's name owes itself to its greatest signature being a set of six characters selected randomly that it adds to the user's files.

In attacks targeting businesses in nations such as Malaysia, the Random6 Ransomware is encoding local files with what appears to be an AES-based encryption algorithm. It also uses the Base64 to replace the names of any files it blocks (similar to the Spectre Ransomware and the Scarab Ransomware's campaigns), and adds new extensions consisting of six-letter, random character strings. The only real hint to the Random6 Ransomware's identity and purpose lies in the text messages it generates.

These Notepad files give the victim a personal identification number and an e-mail address for negotiating a ransom of the decryptor, although malware experts have yet to confirm details of the transaction (such as cost or currency preferences). Since the Random6 Ransomware, despite being a corporate-targeting Trojan, is vulnerable to free decryption methods, paying the threat actors to recover any encoded files should be regarded as wholly unneeded. For similar infections without such weaknesses, remote backups are the most secure way of protecting your data.

Keeping the Dangers of Randomization Off Your PC

By default, the Random6 Ransomware uses English ransoming demands that would make it appropriate, with no serious reconfiguration, for attacking various countries around the world, besides Malaysia. The Random6 Ransomware attacks entities that are most at risk from infection vectors such as the following:

  • The computer user may be mislead into opening a corrupted attachment, such as a fake document supposedly from a delivery company or an in-office machine.
  • Threat actors also can breach company servers directly by using brute-force tools to test different password and account name combinations until they find matching login credentials. Then, they may install the Random6 Ransomware or other threats manually.

Because the symptoms of the Random6 Ransomware infections are highly limited until after its encryption blocks your data, victims should try to practice prevention-based security steps, such as disabling macros and scanning new downloads. Many anti-malware products may remove the Random6 Ransomware as a threat automatically and before the file-blocking behavior can occur.

As a brand-new threat without ties to Trojans like the Jigsaw Ransomware or Hidden Tear, the Random6 Ransomware could offer surprises for the future. The extent of its attacks depends on the ambitions of its extortionist admins, who, hopefully, will show themselves as having poor work ethics.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Random6 Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications


The following newly produced Registry Values are:

Regexp file mask%ALLUSERSPROFILE%\install.res.exe
Home Malware Programs Ransomware Random6 Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.