Ransomware Research

Ran_jr_som Ransomware

Ran_jr_som is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2024, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Shadow.

Quick Facts

Ransomware Family
Ran_jr_som
First Seen
April 1, 2024
Known Aliases
Shadow

How Ran_jr_som Ransomware Works

File Encryption Patterns

Ran_jr_som modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..Shadow

Ransom Note and Payment Demands

After encrypting files, Ran_jr_som displays ransom notes demanding payment for file recovery:

filereadme.txt

Ransom message:

notes/readme.txt

Note locations:

Desktop

Technical Indicators

Associated Executable Files

The following executable files are associated with Ran_jr_som ransomware:

  • FaturaDetay_araskargo.com.tr.PDF.exe

Elastio Can Help You

Don't let Ran_jr_som ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This Ran_jr_som ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Ran_jr_som.

Last updated: July 30, 2025

Ran_jr_som Ransomware - Detectable by Elastio