Do you know what Ranion 1.08 Ransomware is?
Ranion 1.08 Ransomware is probably the worst infection that you can find on your system right now as it can encrypt all your personal files and demand a ransom fee in exchange for the decryption key. Our researchers say that this ransomware is not the first one of its kind. In other words, it is indeed the latest version built on Ranion Ransomware. As a matter of fact, the previous one was called Ranion 1.07 Ransomware. As far as we know, the predecessors did not really work properly; they did not actually encrypt files; at least, the samples we tested in our internal lab did not do so. In fact, this malware infection is sold on the dark web as RaaS (Ransomware as a Service), which also means that you may find different versions in circulation. It is possible that the different version target other file types or demand more money then others; it all depends on the individual hacker or criminal who buys this threat. We hope that you have a backup of your files that you can use now because we cannot think of any other ways for you to recover your files. We advise you to remove Ranion 1.08 Ransomware immediately and then, you can transfer your clean files back onto your PC.
You can easily infect your system with this beast if you carelessly open e-mails in your account. This ransomware can be spread as a malicious attachment in spam e-mails. However, this e-mail may not strike you as a spam at first sight. In fact, it may make you believe that you are dealing with an important mail that you need to open right away. This is a mind trick really. These cyber crooks may use sender name and e-mail address combos as well as subject lines that may totally appear to be authentic and urgent. For example, if you get a mail that claims to come from the local police department regarding any matter really, you would be likely to want to know what it is about, right? But the same can be probably true when this spam regards an issue with your credit card information, an online hotel booking, and so on. You see now how easy it is to manipulate people to even infect their own system? How? Well, this spam will instruct you to download and open the attached file, which is indeed the malicious executable. As a consequence, you will not be able to delete Ranion 1.08 Ransomware without losing your files to encryption. Hopefully, you see now how important it is that you be more cautious around your mails.
Ranion 1.08 Ransomware screenshot
Scroll down for full removal instructions
When you execute this malicious file, it creates a copy of itself in your %PUBLIC% directory called "r44s_2018-03-07 0205.exe" or something similar. As you can see, there is a sort of time stamp in the name, which is obviously the time and date when you launched it. Strangely enough, though, the encryption is operated through the original file. This copy appears in a Run registry entry, which is to make sure that this vicious attack starts up automatically every time you log in to your Windows. The original malicious file also hides itself (by using the "Hidden" attribute); therefore, you will need to set your File Explorer to show hidden elements if you want to be able to delete it when you remove Ranion 1.08 Ransomware from your system.
This dangerous threat uses the AES algorithm to encrypt all your important files. The infected files add a ".Ransom" extension. This ransomware program drops two identical .html ransom note files named "README_TO_DECRYPT_FILES.html"; one in your "%PUBLIC%" folder and one, on your desktop. This note tells you to send an e-mail to "0dayservices0@gmail.com" with your ID (you can find it in the note) and you are supposed to get a reply message with the decryption key as long as you pay 999 US dollars in Bitcoin within 7 days. We do not recommend that you pay at all. In fact, we think that it is best to remove Ranion 1.08 Ransomware as soon as possible.
We have prepared a guide for you below this report, which you can use if you want to take action now and do it manually. Of course, it may not be your cup of tea to hunt down such dangerous threats on your own. It is also possible that you may not be able to protect your computer against such dangers in the future. So, if you are looking for an effective solution, we advise you to install a trustworthy anti-malware program, such as SpyHunter.
Remove Ranion 1.08 Ransomware from Windows
- Open the Task Manager by tapping Ctrl+Shift+Esc.
- Select the malicious process and press End task.
- Close your Task Manager.
- Tap Win+R and type regedit. Press OK.
- Delete the following registry keys:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run::Message-2018
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run::Message-2018 - Close your editor.
- Tap Win+E.
- Find and delete the malicious .exe file you saved and executed.
- Delete the copy from the %PUBLIC% folder (it looks similar to "%PUBLIC%\r44s_2018-03-07 0205.exe").
- Delete the two ransom note files called "README_TO_DECRYPT_FILES.html"
- Empty your Recycle Bin and restart your computer.
In non-techie terms:
Ranion 1.08 Ransomware is a dangerous malware infection that can sneak onto your system and encrypt all your personal files to extort money from you for the decryption key. Although you may actually have 999 dollars to pay as a ransom for your files, we do not advise to do so unless you want to risk losing your money, too. There is little chance that these cyber criminals will send you the key in the end. Of course, it is all up to you what you decide to do. But, if you have a backup saved on a portable device, it would make more sense to remove Ranion 1.08 Ransomware and then, copy your clean files back. Unfortunately, we have not found any free file recovery tools that could help you restore your encrypted files. Therefore, all we can advise you to do is remove Ranion 1.08 Ransomware as soon as possible and install a reliable anti-malware program to protect your PC from future threats.