Categories: Ransomware

Ranion Ransomware-as-a-Service launched on the Dark Web for ‘Educational Purposes’

Ransomware-as-a-Service (RaaS) gateway that as of late propelled on the Dark Web is hawking access to a completely working ransomware dispersion organize at to a great degree low costs.

Called Ranion, this new RaaS administration was found by Radware security Researcher Daniel Smith, who discovered it filed on a Dark Web URL indexing service.

In spite of cases that Ranion was made for “educational purposes only,” the gathering behind this new administration is offering access to its ransomware circulation organize at costs of 0.95 Bitcoin/year ($960/year) or 0.6 Bitcoin/6 months ($605/6 months)

Target File Types:

Ranion ransomware will target the following file types

.txt, .rtf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .ods, .jpg, .jpeg,
 .png, .bmp, .csv, .sql, .mdb, .db, .accdb, .sln, .php,.jsp, .asp, .aspx,
 .html, .htm, .xml, .psd, .cs, .java, .cpp, .cc,.cxx, .zip, .pst, .ost, .pab,
 .oab, .msg

crooks said, they’re willing to extend the rundown with new extensions if clients need to target a greater amount of the client’s information.

As per the Ranion team, every purchaser will get access to a pre-arranged ransomware payload that takes a shot at both 32-bit and 64-bit Windows PCs, additionally to a backend board facilitated on the evildoer’s Tor concealed administration (.onion site).

When you will execute the Ransomware.exe it will encrypt any configured file type within PC (searching for files on C-Z HDDs) using an AES 256 key generated that will be sent to your C&C Dashboard. When finished it will create some README files on Desktop (in different languages) (already present eng, rus, ger, fra, esp, ita) and a banner message that will be executed to every Boot (providing details for payment to your Client). Our Ransomware doesn’t destroy your PC by encrypting exe files. Exes files will be not encrypted unless you want to do it.

Image source : Bleeping computer

      Ranion RaaS homepage                                      Ranion RaaS FAQ page

Ranion RaaS payments

Ranion’s less expensive plan of action may pull in more purchasers, yet many will likewise address if Ranion is a trick. To dispell any potential bits of gossip that they may be furtively capturing buy-off installments, the Ranion group is permitting purchasers to test their administration.

To wrap things up, the rental charge additionally incorporates access to the Ranion dashboard, which will furnish purchasers with data, for example, the ID of tainted PCs, the workstations’ usernames, and every casualty’s AES decryption key.

On the off chance that casualties pay, the Ranion RaaS gives a decrypter that “leaseholders” can send to influenced clients and permit them to recover their documents.

                                   Ranion RaaS contact page

A ransomware-as-as-service scheme is enabling even the most technically illiterate cybercriminal to extort payments from victims infected with data-encrypting malware — with the developers of the service taking a significant chunk of the ill-gotten gains.

“Ransomware attacks on businesses large and small reached 638 million last year, up from 2015’s 3.8 million, network security firm SonicWall has reported.”

In its 2017 Annual Threat Report, SonicWall said the rise of ransomware in 2016 was unlike anything it had seen in recent years, noting that the 634.2 million instance increase was “meteoric” in nature.

Also Read :

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

View Comments

Recent Posts

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…

1 day ago

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…

2 days ago

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…

2 days ago

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…

2 days ago

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…

2 days ago

New Python NodeStealer Attacking Facebook Business To Steal Login Credentials

NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…

2 days ago