Ranzy Locker Ransomware

Posted: October 1, 2020

Ranzy Locker Ransomware Description

The Ranzy Locker Ransomware is a file-locking Trojan that's a possible update of the ThunderX Ransomware. The Ranzy Locker Ransomware attacks can stop users' files from opening by encrypting them, favoring digital media, such as documents. Appropriate backup precautions can assist with recovery, along with any credible anti-malware solutions for removing the Ranzy Locker Ransomware.

The Trojans that Supplement Their Extortion with Data Leaks

As some AES-Matrix Ransomware campaigns and other corporate entity-targeting threats show, leaking data to the public is a viable alternative to its destruction, in the right circumstances. One of the independent Trojans leveraging this technique, the ThunderX Ransomware, might have an upgrade for fall: the Ranzy Locker Ransomware. The latter (not a relative of 2016's supposedly 'educational' Razy Ransomware) is swapping out some details for less-generic cosmetics, but most of its features are all but identical to ThunderX Ransomware's payload.

The Ranzy Locker Ransomware remains a Windows program with no signatures or exceptional obfuscation, apart from its installer being named with random numbers. The Trojan's behavior includes such archetypal attacks as:

  • The Ranzy Locker Ransomware encrypts digital media files, such as images, archives, documents, and spreadsheets and makes them non-openable in the process.
  • The Ranzy Locker Ransomware adds a customized extension ('RNZ') to the files' names without erasing the previous extension.
  • The Ranzy Locker Ransomware generates custom ID key files for victims inside the folders with the encrypted data.
  • The Ranzy Locker Ransomware deletes the Shadow Volume Copies or the Restore Points (with a CMD command).
  • The Ranzy Locker Ransomware delivers a ransom note in TXT, promoting the threat actor's premium recovery service.

The message is the most telling aspect of the Ranzy Locker Ransomware's payload. It's nearly identical to ThunderX Ransomware's note and carries over its more interesting qualities: the presumption of the victim's being a company server and the threat (possibly, a bluff) of leaking data. This warning gives the Ranzy Locker Ransomware another form of leverage against its targets for encouraging ransom transactions, even if the victim can recover their files from backups.
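The behaviors listed above translate into a simple host-level correlation: a shadow-copy deletion command followed by many renames that append '.RNZ' while keeping the previous extension. The sketch below is an added example, not code from the original article; the event format, host names, paths and threshold are constructed, and the command-line patterns are an assumption, since the article does not name the exact CMD command.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: the article only says "a CMD command"; these are two common
# shadow-copy deletion invocations, not strings taken from the sample.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)

def is_shadow_delete(cmdline):
    """True when a process command line deletes Volume Shadow Copies."""
    return bool(SHADOW_DELETE.search(cmdline))

def is_rnz_append(old, new):
    """True when '.RNZ' was appended and the previous extension was kept."""
    had_extension = ntpath.splitext(old)[1] != ""
    return had_extension and new.lower() == old.lower() + ".rnz"

def triage(events, rename_threshold=3):
    """Return hosts showing shadow-copy deletion plus repeated .RNZ renames."""
    stats = defaultdict(lambda: {"renames": 0, "shadow_delete": False})
    for ev in events:
        host = stats[ev["host"]]
        if ev["type"] == "process" and is_shadow_delete(ev["cmdline"]):
            host["shadow_delete"] = True
        elif ev["type"] == "rename" and is_rnz_append(ev["old"], ev["new"]):
            host["renames"] += 1
    return sorted(h for h, s in stats.items()
                  if s["shadow_delete"] and s["renames"] >= rename_threshold)

# Constructed sample telemetry (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"host": "FS01", "type": "process", "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"host": "FS01", "type": "rename", "old": r"D:\share\budget.xlsx", "new": r"D:\share\budget.xlsx.RNZ"},
    {"host": "FS01", "type": "rename", "old": r"D:\share\plan.docx", "new": r"D:\share\plan.docx.RNZ"},
    {"host": "FS01", "type": "rename", "old": r"D:\share\logo.png", "new": r"D:\share\logo.png.rnz"},
    {"host": "WS02", "type": "process", "cmdline": "vssadmin list shadows"},
    {"host": "WS02", "type": "rename", "old": r"C:\tmp\notes.txt", "new": r"C:\tmp\notes.bak"},
    {"host": "WS03", "type": "rename", "old": r"C:\tmp\a.txt", "new": r"C:\tmp\a.txt.RNZ"},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Requiring both signals keeps a lone '.RNZ' file or a routine shadow-copy listing from raising an alert on its own.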

Plugging Leaky Servers before a Data Spill

Server admins always should take precautions for blocking file-locking Trojans and similar attacks, which may delete, lock or collect data at the attacker's pleasure. Passwords should never use overly-simple strings or commonly-known 'default' values (like 'admin123'), which would let hackers brute-force them relatively quickly. All software should always be kept as up-to-date as possible, lest publicly-known vulnerabilities provoke privilege escalation exploits and other attacks. More relevant to all employees, malware researchers recommend that users interact with care with any e-mail attachments, and leave macros disabled when in doubt.

The leaking of server information to the public isn't always more than a bluff, but some threat actors do traffic in this strategy. Companies should anticipate the potential theft of data, with unpredictable consequences, whenever an attacker has accessed their servers remotely through e-mail exploits or other means. Since the Ranzy Locker Ransomware has no remote access capabilities by itself, its campaign may involve additional tools, such as RATs.

Dedicated anti-malware products tend to be highly effective against file-locker Trojans, including the less-obfuscated ones, like the ThunderX Ransomware and its kin. Deleting the Ranzy Locker Ransomware should be trivial for any well-designed cyber-security product.

A Trojan without relatives spawning offspring is always a point worth watching for future development. Whether the Ranzy Locker Ransomware stays an only child or acquires future siblings, it's a problem for server admins that's not so easily resolvable by disinfection.
