
Ranion 1.07 Ransomware

Posted: November 30, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 166
First Seen: February 7, 2017
Last Seen: October 4, 2020
OS(es) Affected: Windows

The Ranion 1.07 Ransomware is a Trojan that extorts payments from PC users by locking their files and then selling them an unlocking service. These attacks can include displaying pop-up alerts, requests for non-refundable currencies like Bitcoins, and changes to the names or extensions of the hostage media. Besides backing up their files to devices the Trojan can't compromise, users can defend their PCs by finding and deleting the Ranion Ransomware with anti-malware programs that have proven efficacy against file-locking threats.

A New Service for Imprisoning Your Files

Ransomware-as-a-Service (RaaS) is a popular business model among threat actors who want to offload the effort of conducting attacks to others, who take on many of the risks along with much of the work. By providing Trojans like the Ranion 1.07 Ransomware to third parties, they can profit more or less passively, with little work beyond advertising their software on underground forums. Although the Ranion Ransomware is a recent discovery, it is also cheap, and this fact could boost its distribution rates over those of more sophisticated competitors.

The Ranion Ransomware and its associated network-distribution features are being 'rented' to cybercrooks for a small upfront price in Bitcoins, without demanding any additional cuts afterward, such as a percentage of the ransoms. The Trojan is Windows-based and, on vulnerable systems, can block a configurable range of formats, such as TXT, RTF, BMP, ZIP or PPT, by encrypting the files. Malware experts have no further information on whether the Trojan implants a marker into the internal data of each file, or whether the Ranion 1.07 Ransomware includes any support for modifying file names or extensions.

The Ranion Ransomware's current publicly available releases include image-dropping features in their payloads that provide basic instructions on paying the ransom to buy the file-unlocking decryptor. These images also show a seven-day limiting timer, although malware experts can't confirm whether the Trojan can enforce penalties for ignoring it, such as deleting media. Paying the Bitcoin ransom is, as usual, discouraged until you have tested other solutions for recovering your data to the fullest extent.

Doing Your Part against a RaaS Trojan's Profitability

The Ranion 1.07 Ransomware's business model isn't irrelevant to its victims, because it makes the distribution and installation exploits potentially unpredictable. Cybercrooks who pay for it are free to circulate the Ranion Ransomware's executable and install it by whatever method they please, including such vectors as e-mail attachments, exploit kit-based drive-by-downloads, and compromising networks by brute-force attacking their login combinations. The symptoms of a Ranion Ransomware infection typically will not appear until after the Trojan has already locked all of the files that it can access and encrypt.

Secure, isolated backups are the only perfect solution to Trojan attacks using encryption-based features, which sometimes are decryptable by freeware but often are impenetrable without the threat actor's help. Keeping anti-malware programs updated and active can help proactive users avoid installing this threat accidentally, and should block and remove the Ranion Ransomware before its payload reaches its media-locking conclusion. Other than its use of AES-based cryptography, malware experts can give no data on this threat's locking feature or on whether a third-party program could decrypt it.

The most money for the least effort usually is the driving force behind any file-locking Trojan's attacks. Minding your security procedures and keeping the Ranion Ransomware from turning your locked files into its money is a small but essential step in curtailing the influence of a Ransomware-as-a-Service

Technical Details

File System Modifications


The following files were created in the system:

File name: file.exe
Size: 262.65 KB (262656 bytes)
MD5: 447af103027bb7cfa1c09538b38a6007
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: file.exe
Size: 246.78 KB (246784 bytes)
MD5: 72a1669e4c402bc24795badf7557f889
Detection count: 66
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: 7bfe6671f4db73e4953e423c8e296473
Size: 269.31 KB (269312 bytes)
MD5: 7bfe6671f4db73e4953e423c8e296473
Detection count: 52
Group: Malware file