Ransomware Research
Ranion Ransomware
Ranion is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2017, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Ranion RaaS.
Quick Facts
- Ransomware Family
- Ranion
- First Seen
- April 1, 2017
- Known Aliases
- Ranion RaaS
How Ranion Ransomware Works
Targeted Files
Requires C&C Checks for date (should be less than Sep 2017) Protected with ConfuserEx https://app.any.run/tasks/722dc5be-234f-4e9a-b18b-003c9adcd45f/
File Encryption Patterns
Ranion modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..ransom
..Ransom
..r44s
Ransom Note and Payment Demands
After encrypting files, Ranion displays ransom notes demanding payment for file recovery:
README_TO_DECRYPT_FILES.html
Ransom message:
notes/README_TO_DECRYPT_FILES.html
Note locations:
Desktop
Technical Indicators
Associated Executable Files
The following executable files are associated with Ranion ransomware:
custom-2017.exe
doulcitoolv3.exe
MineCraft Hack + Setup TuT.exe
110622902.exe
36621558.exe
126459581.exe
ransom.exe
Curriculum.exe
pedo-child-porn-downloader.exe
libra.exe
r44s_2018-11-23 1217.exe
myfile.exe
r44s_2018-11-23 1132.exe
waint.exe
dll.exe
r44s_2018-11-23 1238.exe
r44s_2018-11-22 1024.exe
r44s_2021-08-20 0344.exe
r44s_2021-08-20 0628.exe
Factura vencida.exe
r44s_2021-09-13 0957.exe
demande de prix.exe
r44s_2021-09-04 0604.exe
r44s_2021-08-20 0103.exe
r44s_2021-08-18 1222.exe
Elastio Can Help You
Don't let Ranion ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Ranion ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Ranion.
Last updated: July 30, 2025