What Does Ranion Ransomware Do
Ranion ransomware is a new RaaS (ransomware-as-a-service) malware solution which is very dangerous.
This type of malware threats are sold on underground hacker markets and can be customzied to act against specific victims. Due to the modular structure of the ransomware, advanced modifications can remain undetected by some anti-virus solutions as the hackers have introduced significant changes to the code base.
An explanatory ransomware message gives further details
BUY – FAQ – CONTACT
We provide an already configured and compiled FUD Ransomware + Decrypter
We are the only that provide a FREE Anonymous C&C Dashboard via Onion to manage your Clients
We also provide additional FREE Customizations and DON’T take Fees from your Clients
DISCLAIMER: Our Products are for EDUCATIONAL PURPOSES ONLY.
Don’t use them for illegal activities. You are the only responsable for your actions!
Our Products/Services are sold with NO WARRANTY and AS ARE.
*** ranionjgot5cud3p.onion ***
…
-= CHOOSE YOUR PACKAGE =-
[PACKAGE #1] – 1 YEAR C&C Dashboard (RaaS) – Price: 0.95 btc
FUD Ransomware (AES 256 Encryption with a 30 chars long uncrackable key)
Decrypter
1 Year C&C Dashboard (to receive the AES keys from Clients)
We take NO FEES from your Clients
Optional: additional Crypter adding 0.1 btc
Optional: additional file types to encrypt for free (for all file types encrypted see FAQ)
Optional: additional client banner in your language for free (already present eng, rus, ger, fra, esp, ita)
[PACKAGE #2] – 6 MONTHS C&C Dashboard (RaaS) – Price: 0.60 btc
FUD Ransomware (AES 256 Encryption with a 30 chars long uncrackable key)
Decrypter
6 Months C&C Dashboard (to receive the AES keys from Clients)
We take NO FEES from your Clients
Optional: additional Crypter adding 0.1 btc
Optional: additional file types to encrypt for free (for all file types encrypted see FAQ)
Optional: additional client banner in your language for free (already present eng, rus, ger, fra, esp, ita)
-= HOW TO BUY =-
Send the Package’s price to following Bitcoin address: 1Lr9k7***
Write us an email to ranion(at)sigaint.org telling us:
– Chosen package
– Your Bitcoin address used to send us money
– Your own Bitcoin address to receive money from your Clients
– Your price to receive from your Clients (ie. 0.20 btc)
– Your email address to get contacted from your Clients
– Optional additions
Wait until we check your payment
You will receive an email with 2 links:
– The first one with your files (Ransomware + Decrypter)
– The second one with your dashboard
Your satisfaction is important! Contact us for any need.
Copyright (c) 2016-2017 – Ranion (RaaS)
This has provided us with enough information about Ranion. It appears that the virus is distributed in different packages according to the hacker purchase.
Package #1
This is the higher priced version of the Ranion ransomware. It gives its buyers 1 year of access to the malicious C&C servers for the price of 0.95 Bitcoins. This version uses the AES-256 cipher with a 30-characters long private decryption key.
Optional purchases includes additional cryptography modules, limited file type decryption services and custom banners and graphics.
Package #2
This is a lower-priced version which gives six months of C&C servers access for 0.60 Bitcoins. The other components are the same.
What is interesting about this particular virus is that its creators state that they have been active in the hacker underground for more than 10 years.
By default these file types are affected:
“.mdb”, “.db”, “.accdb”, “.sln”, “.php”, “.jsp”, “.asp”, “.aspx”, “.html”, “.htm”, “.xml”, “.psd”, “.cs”, “.java”, “.cpp”, “.cc”,
“.cxx”, “.zip”, “.pst”, “.ost”, “.pab”, “.oab”, “.msg”
How Does Ranion Ransomware Infect
The Ranion ransomware at the moment is being offered as a service on various hacker underground sites. This means that once the buyers acquire the virus code they can modify it and use various ways to launch attacks that infect with it.
Some of the popular methods include the following:
- Direct Exploit Kit Attacks – The hackers target software vulnerabiliies in the target system and directly deliver the Ranion ransomware payload upon intrusion.
- Spam Emails – The hackers can use spam messages that deliver the Ranion ransomware as an attached file or link directly to it in the body of the messages. In some of the more advanced scenarios the virus is attached to a document that poses as an invoice or another important file. When they are executed the victims are requested to start a malicious macros which delivers the virus.
- Malicious Redirects – Ranion ransomware can be delivered via all sorts of dangerous redirects such as browser hijackers and malicious ads.
- Software Installers – The Ranion ransomware can be delivered bundled with other software such as installers, games, patches and system tools.
Remove Ranion Ransomware
For the removal of this ransomware virus, recommendations are to use the instructions we have provided below. For fastest and most efficient removal however, you may want to download and scan your computer with an advanced anti-malware program. It will make sure to protect you in the future as well.
Booting in Safe Mode
For Windows:
1) Hold Windows Key and R
2) A run Window will appear, in it type “msconfig” and hit Enter
3) After the Window appears go to the Boot tab and select Safe Boot
Cut out Ranion Ransomware in Task Manager
1) Press CTRL+ESC+SHIFT at the same time.
2) Locate the “Processes” tab.
3) Locate the malicious process of Ranion Ransomware, and end it’s task by right-clicking on it and clicking on “End Process”
Eliminate Ranion Ransomware‘s Malicious Registries
For most Windows variants:
1) Hold Windows Button and R.
2) In the “Run” box type “Regedit” and hit “Enter”.
3) Hold CTRL+F keys and type Ranion Ransomware or the file name of the malicious executable of the virus which is usually located in %AppData%, %Temp%, %Local%, %Roaming% or %SystemDrive%.
4) After having located malicious registry objects, some of which are usually in the Run and RunOnce subkeys delete them ermanently and restart your computer. Here is how to find and delete keys for different versions.
For Windows 7: Open the Start Menu and in the search type and type regedit –> Open it. –> Hold CTRL + F buttons –> Type Ranion Ransomware Virus in the search field.
Win 8/10 users: Start Button –> Choose Run –> type regedit –> Hit Enter -> Press CTRL + F buttons. Type Ranion Ransomware in the search field.
Automatic Removal of Ranion Ransomware
Recover files encrypted by the Ranion Ransomware Ransomware.
Method 1: Using Shadow Explorer. In case you have enabled File history on your Windows Machine one thing you can do is to use Shadow Explorer to get your files back. Unfortunately some ransomware viruses may delete those shadow volume copies with an administrative command to prevent you from doing just that.
Method 2: If you try to decrypt your files using third-party decryption tools. There are many antivirus providers who have decrypted multiple ransomware viruses the last couple of years and posted decryptors for them. Chances are if your ransomware virus uses the same encryption code used by a decryptable virus, you may get the files back. However, this is also not a guarantee, so you might want to try this method with copies of the original encrypted files, because if a third-party program tampers with their encrypted structure, they may be damaged permanently. Here are the vendors to look for:
- Kaspersky.
- Emsisoft.
- TrendMicro.
Method 3: Using Data Recovery tools. This method is suggested by multiple experts in the field. It can be used to scan your hard drive’s sectors and hence scramble the encrypted files anew as if they were deleted. Most ransomware viruses usually delete a file and create an encrypted copy to prevent such programs for restoring the files, but not all are this sophisticated. So you may have a chance of restoring some of your files with this method. Here are several data recovery programs which you can try and restore at least some of your files: