Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Ranion 1.08 Ransomware

Ranion 1.08 Ransomware is a yet another new danger that may encrypt your files and demand a ransom in return for the decryption key. We have found that this is a new variant of Ranion Ransomware, whose last version was known as Ranion 1.07 Ransomware. As a matter of fact, this malware infection is sold on the dark web as a RaaS (Ransomware as a Service); therefore, there could be a number of different versions actually. In other words, hackers and wannabes can buy the builder of this threat and customize it as they want. Thus, there may be different ransom fee as well depending on your sample. But whatever the fee is, we do not recommend that you pay anyway since there is little chance that you will get the decryption key from these cyber criminals. We advise you to remove Ranion 1.08 Ransomware as soon as possible instead.

If you find this ransomware program on board, it is possible that you executed a malicious file attachment that had come in a spam mail. Cyber crooks like to use spam campaigns since they can attack lots of potential victims at the same time. Such a spam can be very convincing; no wonder that so many victims may believe it and decide to open it in the end. In fact, this spam can claim that it has come from the local authorities regarding a parking fine you have not settled yet, but it may also appear to have come from your bank regarding suspicious transactions on your account. Since opening this mail will not give you satisfaction with regard to the details of the alleged urgent matter, it is quite likely that you will go on to open the attached file as well. This is the last click you will make before your files get encrypted, though. Unfortunately, after this point it is not possible for you to delete Ranion 1.08 Ransomware without consequences.

Apart from becoming more cautious with your e-mails, it is also essential that you update your browsers as well as your Java and Flash drivers in order to avoid possible infection via Exploit Kits. Cyber crooks can use such kits to drop such dangerous threats on your computer once you load their malicious page in your browser. Of course, you would not do this knowingly. But you may click on compromised links or corrupt third-party ads on suspicious sites or presented by malware infections on your system, and this is how you may get redirected to a website that uses Exploit Kits. If your programs are not up-to-date, you will probably have to delete Ranion 1.08 Ransomware or other dangers in the end.

When the malicious file is executed, this malware infection operates from this original file, even though it creates a copy of itself in your %PUBLIC% folder. The newly created file has a name based on the current date and time, e.g., "%PUBLIC%\r44s_2018-03-07 0205.exe." Once initiated, the original file hides itself by using the "Hidden" attribute, which may make it more difficult for you to identify it unless you set your File Explorer view to show hidden elements. This ransomware also creates a Run registry entry to start up automatically with your Windows.

This infection uses the AES algorithm to encrypt your files, which assume a ".ransom" extension to mark the change. Once all the operations are done and your files are encrypted, it also creates two ransom notes, one on the desktop, and one in %PUBLIC% folder with the same name: "README_TO_DECRYPT_FILES.html." Both of these files have a PoE (Point of Execution) in the Run registry entry to make sure that you are presented with the ransom note every time you attempt to restart your computer. You have to contact these criminals via e-mail ("0dayservices0@gmail.com") for the details of the payment. You have to transfer 999 USD in Bitcoin 7 days or else, your decryption key will be deleted; or, at least, this is what these crooks want you to believe. We advise you to remove Ranion 1.08 Ransomware as soon as you can because it is highly unlikely that paying the ransom fee will get you anything other than losing your money, too.

We have prepared the necessary instructions for you below this article. Please use it at your own risk since it includes editing the Windows Registry, which has its own risks if you are not skilled enough. If you would like to defend your PC against similar threats, first of all, you need to start making regular backups into cloud or onto removable media. Second, you should install a reliable malware removal tool, such as SpyHunter.

How to remove Ranion 1.08 Ransomware from Windows

  1. Press Ctrl+Shift+Esc to launch the Task Manager.
  2. Click on the malicious process.
  3. Press End task.
  4. Exit the Task Manager.
  5. Press Win+R and enter regedit. Click OK.
  6. Delete these registry keys:
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run::Message-2018
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run::Message-2018
  7. Exit the editor.
  8. Press Win+E.
  9. Locate the malicious file you launched and delete it.
  10. Delete the copy from %PUBLIC% as well as the two ransom note files called "README_TO_DECRYPT_FILES.html"
  11. Empty your Recycle Bin.
  12. Reboot your PC.
Download Spyware Removal Tool to Remove* Ranion 1.08 Ransomware
  • Quick & tested solution for Ranion 1.08 Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.