Ranion 1.07 Ransomware
Posted: November 30, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 166 |
| First Seen: | February 7, 2017 |
| Last Seen: | October 4, 2020 |
| OS(es) Affected: | Windows |
The Ranion 1.07 Ransomware is a Trojan that extorts payments from PC users by locking their files and then selling them an unlocking service. These attacks can include displaying pop-up alerts, requests for non-refundable currencies like Bitcoins, and changes to the names or extensions of the hostage media. Besides backing up their files to devices the Trojan can't compromise, users can defend their PCs by finding and deleting the Ranion Ransomware with anti-malware programs that have proven efficacy against file-locking threats.
A New Service for Imprisoning Your Files
Ransomware-as-a-Service (RaaS) is a popular business model among threat actors who want to offload the effort of conducting attacks with threatening software to others, who take many of the risks along with much of the work. By providing Trojans like the Ranion 1.07 Ransomware to third parties, they can profit more or less passively, with little effort beyond advertising their software on underground forums. Although the Ranion Ransomware is a recent discovery, it is also cheap, and this fact could boost its distribution rates over those of more sophisticated competitors.
The Ranion Ransomware and its associated network-distribution features are being 'rented' to cybercrooks for a small upfront price in Bitcoins, without demanding any additional cuts afterward, such as a percentage of the ransoms. The Trojan is Windows-based and, on vulnerable systems, can lock a configurable range of file formats by encrypting them, such as TXT, RTF, BMP, ZIP or PPT. Malware experts have no further information on whether the Trojan implants a marker into the internal data of each file, or on whether the Ranion 1.07 Ransomware includes any support for modifying names or extensions.
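A content-based triage for the formats named above, added here as an example (not code from the original page or from any vendor tool): because it is unknown whether Ranion renames files, it flags BMP, ZIP, RTF and PPT files whose leading bytes no longer match their format, and TXT files whose byte entropy is near-random. The 7.2 bits/byte threshold, the function names and the sample files are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes expected for the formats the page names (TXT has no signature).
MAGIC = {".bmp": b"BM", ".zip": b"PK", ".rtf": b"{\\rtf",
         ".ppt": bytes.fromhex("d0cf11e0a1b11ae1")}  # legacy PPT: OLE2 header
ENTROPY_LIMIT = 7.2  # bits/byte; assumed threshold, tune on your own data

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample: int = 65536) -> str:
    """Return 'ok', 'suspect' or 'skipped' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext != ".txt" and ext not in MAGIC:
        return "skipped"
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample)
    except OSError:
        return "skipped"  # locked or unreadable: do not abort the sweep
    if not head:
        return "ok"  # an empty file carries no evidence either way
    if ext == ".txt":
        # Short files cannot reach the limit, so this check misses them.
        return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "ok"
    return "ok" if head.startswith(MAGIC[ext]) else "suspect"

def scan(root: str) -> list[str]:
    paths = (os.path.join(d, f) for d, _sub, files in os.walk(root) for f in files)
    return sorted(p for p in paths if classify(p) == "suspect")

def demo() -> list[str]:
    """Constructed samples: two intact files, two filled with random bytes."""
    samples = {"notes.txt": b"meeting at ten, bring the report\n" * 200,
               "logo.bmp": b"BM" + bytes(60),
               "locked.txt": os.urandom(8192),  # stands in for ciphertext
               "locked.bmp": b"\x00" + os.urandom(8191)}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in scan(d)]
```

A hit is a lead for investigation, not proof of encryption: a mislabelled or corrupted file fails the same checks.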
The Ranion Ransomware's current releases that are available to the public include image-dropping features in their payloads that provide basic instructions on paying the ransom to buy the file-unlocking decryptor. These images also give a seven-day limiting timer, although malware experts can't confirm whether the Trojan enforces any penalty for ignoring it, such as deleting media. Paying the Bitcoin ransom is, as usual, discouraged until you test other solutions for recovering your data to the fullest extent.
Doing Your Part against a RaaS Trojan's Profitability
The Ranion 1.07 Ransomware's business model is relevant to its victims because it makes distribution and installation methods unpredictable. Cybercrooks who pay for the service are free to circulate the Ranion Ransomware's executable and install it by whatever method they please, including such vectors as e-mail attachments, exploit kit-based drive-by-downloads, and compromising networks by brute-forcing their login combinations. The symptoms of a Ranion Ransomware infection typically will not appear until after the Trojan has locked all of the files that it can access and encrypt.
Secure, isolated backups are the only perfect solution to Trojan attacks using encryption-based features, which sometimes are decryptable by freeware but often are impenetrable without the threat actor's help. Keeping anti-malware programs updated and active can help proactive users avoid installing this threat accidentally and should block and remove the Ranion Ransomware before its payload reaches its media-locking conclusion. Other than its use of AES-based cryptography, malware experts can give no data on this threat's locking feature or on whether a third-party program could decrypt it.
The most money for the least effort usually is the driving force behind any file-locking Trojan's attacks. Minding your security procedures and keeping the Ranion Ransomware from turning your locked files into its money is a small but essential step in curtailing the influence of a Ransomware-as-a-Service
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:

file.exe
File name: file.exe
Size: 262.65 KB (262656 bytes)
MD5: 447af103027bb7cfa1c09538b38a6007
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

file.exe
File name: file.exe
Size: 246.78 KB (246784 bytes)
MD5: 72a1669e4c402bc24795badf7557f889
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

7bfe6671f4db73e4953e423c8e296473
File name: 7bfe6671f4db73e4953e423c8e296473
Size: 269.31 KB (269312 bytes)
MD5: 7bfe6671f4db73e4953e423c8e296473
Detection count: 52
Group: Malware file