RanRans virus is yet another foolish ransomware that doesn't function properly

RanRans ransomware is a crypto-ransomware based on the open-source HiddenTear virus[1]. The virus is set to encode all files on victim’s computer and demand a ransom of $50. The name of the virus is similar to RanRan, which is an entirely different malware variant[2].
During the encryption process, it marks each encrypted file with .ranrans file extension. The new file extension is added after the original file extension, so for example, a file called image.jpg becomes image.jpg.ranrans.
After corrupting all of the victim’s files, the virus displays a text message on the screen of the compromised PC. It asks the victim to send 50 USD in Bitcoin to provided Bitcoin address and then download a decryption tool from one of provided shortened URLs.
At the moment of writing, none of the provided links worked; therefore it is no longer possible to download the decrypter. However, it seems that these decryptors would be entirely useless without having the decryption key, which criminals promise to provide after receiving the payment from the victim.
According to research, the virus is developed by an inexperienced programmer, therefore it is full of errors and may not function properly. It means that the virus might corrupt the wrong files or delete some of them. It is also possible that the decryption means provided by cyber criminals might not be adjusted properly to work.
Due to these reasons, we do not recommend paying the ransom. We suggest you remove RanRans virus from your PC immediately. To complete this task, you might want to download and install a malware removal tool such as FortectIntego.
We do not advise you to attempt to remove the virus manually as this can result in system instabilities and other problems. You can find a complete RanRans removal guide right below this article.

Distribution of the malicious program
Malicious programs are distributed in quite different ways than potentially unwanted programs are. Usually, they travel in the form of malicious email attachments, software cracks or illegal software. You can also unexpectedly install them by clicking on compromised URLs online.
Since this virus is all buggy, we do not expect it to spread via ways used in Cerber or CryptXXX ransomware campaigns. It means that this virus might not enter your PC with the help of exploit kits or RDP attacks. However, it doesn’t mean that you shouldn’t take measures to protect yourself from such attacks.
To protect your computer from ransomware attacks, we highly recommend you to create a data backup, use a decent anti-malware software and keep all your programs up-to-date. It is also a good idea to stay away from shady Internet websites and avoid installing software from vague web sources.
Remove RanRans malware from your machine
Do not let the ransomware stay in your computer longer than it takes you to notice it. Remove RanRans virus using professional anti-malware programs after rebooting the computer into Safe Mode with Networking. We provided instructions on how to do it right below the article.
We would like to remind you that you should take RanRans removal seriously. It is a complicated task, and you shouldn’t attempt to delete the malware manually. For its removal, we suggest employing a professional malware removal tool. Remember that unsuccessful attempts to remove ransomware can cause even more problems to you.
If you do not understand this tutorial because English is not your native language, we suggest visiting sites like UsunWirusa[3] or DieViren.
Was this guide helpful?
Be the first to comment