Flacaruie

Recover encrypted files after Ranion ransom

Hi guys,

 

I've just been infected with Ranion ransomware and I reinstalled Windows 7 Professional, but now a lot of pictures and PDFs remained encrypted.

The files have .ransom after the extension.

I searched all over the internet for a recovery solution but with no success.

I have attached a sample file.

Thanks 

Bolt Carucior.JPG.ransom


We usually recommend ID Ransomware due to the size of the database, and the fact that Michael Gillespie (the guy who created and maintains it) works closely with our own malware analysts.

2 minutes ago, R.K said:

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.


The file README_TO_DECRYPT_FILES.html was corrupted by the forum's protection, and I do not see the email.
Put this file in an archive and attach it to a new message.


Yes. This is Ranion Ransomware.

We have known about this ransomware and its iterations since the beginning of 2017.

Unfortunately, Emsisoft does not have a decryptor for files encrypted by this encryptor.

https://www.emsisoft.com/ransomware-decryption-tools/free-download

I also have not heard of anyone releasing a decryptor for this problem.

As a result of an Internet search, you can find sites that report decryption. All this is a fraud and a lie.

On 11/18/2019 at 12:57 AM, R.K said:

ransomware note said "The Key to Decrypt Your Files Will Be DELETED in 7 days"

That's not uncommon for ransomware. Some will even show you a countdown, and tell you that the cost of the ransom will double every so many hours without paying, and they'll permanently delete your files at the end of the countdown.

Unfortunately panic is a rather effective way to get money from people, and criminals have found that if they can increase the amount of panic that victims are feeling that they also increase the odds of victims paying the ransom.

Fortunately most of them never permanently deleted files or private keys, because in the long run they made more money if they gave victims a working decryption tool rather than saying "sorry, it's too late". I don't know for certain if the criminals behind this particular ransomware are bluffing or not, and there have been some cases where the criminals were serious (or where they had already destroyed the data before even asking for the ransom, or couldn't recover the data due to bugs in their ransomware even after the ransom was paid, etc).

6 hours ago, R.K said:

I can't submit files in id-ransomware.malwarehunterteam. They're too much MB.

You don't have smaller files to submit?
