RanRans Ransomware

What is RanRans Ransomware?

RanRans Ransomware is one of the newest ransomware-type infections specialists at anti-spyware-101.com have detected. If it ever successfully enters your computer, you will discover files located in %USERPROFILE% and %ALLUSERPROFILE% (including its subfolders) encrypted. The ransomware infection has been set to lock users’ personal files not without reason. Cyber criminals expect that this will help them to obtain money from users more easily. Even though the ransom RanRans Ransomware asks is quite small if compared to the amount of money required by other ransomware-type infections, do not encourage cyber criminals to continue developing malicious applications by sending them money. It is, of course, not the main reason you should keep the money to yourself. Specialists also do not recommend transferring money to cyber criminals because there are no guarantees that files could be unlocked. Unfortunately, it might be impossible to unlock files without the special decryption software users are told they could download from any of the three provided URLs (http://bit.ly/2pSvha0, http://bit.ly/2pSGjvO, and http://bit.ly/2qtVk8B) after paying a ransom, but it does not mean that you should go to send money.

What does RanRans Ransomware do?

RanRans Ransomware is a typical crypto-threat, so it will certainly not leave your files intact after successfully entering your computer. We would lie if we said that it encrypts files right away when it enters the system because it connects to https://ranrans.000webhostapp.com/write.php?info=, which seems to be its C&C server, before encrypting files. If the connection is successful, it starts encrypting files immediately and then, after appending the extension .ranrans to users’ files, it opens a window on Desktop that locks the screen and no longer allows users to access their programs and files. This opened window is a ransom note of RanRans Ransomware. It informs users that their PCs have been encrypted and now they need to send a ransom of $50 in Bitcoins. Your entire PC has not been locked, we can assure you, because the window you see can be easily removed. Unfortunately, we cannot say the same about those files having .ranrans because they have already been encrypted with the AES cipher. Luckily, this threat does not lock files in all directories, so the chances are high that it has missed your important files. You should still not go to pay a ransom if you have found your valuable data having a new extension because there are no guarantees that you will get it back. The fact that none of the links containing the decryption tool work at the time of writing only confirms that. It seems that the decryption tool has already been removed or URLs are broken. This means that you will not get a decryptor even if you pay a ransom, so keep the money in your pockets.

Where does RanRans Ransomware come from?

All ransomware infections are distributed similarly – they are usually spread via spam emails as attachments. RanRans Ransomware is no exception. Many users who encounter this threat remember opening an attachment from a spam email before discovering a screen-locking window placed on their Desktops. Researchers say that users can also download this infection from a corrupted website promoting malicious software. No matter how RanRans Ransomware enters your system, you will soon find out about its presence because it starts working the second its executable file is launched. Luckily, it does not make any copies of itself, does not block Task Manager, Registry Editor, or other utilities, and does not drop a bunch of new files on victims’ computers. Because of this, its removal should not be very complicated. Read the last paragraph to find more.

How to delete RanRans Ransomware

Since RanRans Ransomware opens a window on Desktop to make it impossible for users to use their PCs normally, you have to start its removal by removing this irritating window. This can be done by killing the process representing ransomware. Once the screen-locking window is gone, you could delete ransomware components completely and thus disable it. Our manual removal guide will help you to find and remove all the components of malware, but if it happens that you cannot find those files belonging to RanRans Ransomware anywhere, you should use an automatic malware remover to get rid of this threat.

RanRans Ransomware removal guide

Kill the malicious process

1. Press Ctrl+Shift+Esc simultaneously.
2. Open the Processes tab to see the list of all active processes.
3. Select the one belonging to RanRans Ransomware and kill it (right-click it and select End Process/End Task).
4. Close Task Manager.

Delete RanRans Ransomware

1. Open the Windows Explorer by pressing Win+E simultaneously.
2. Go to %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, %TEMP%, and %APPDATA%.
3. Delete all suspicious files you manage to find.
4. Empty the Recycle bin. Download Removal Tool100% FREE spyware scan and
   tested removal of RanRans Ransomware*

Stop these RanRans Ransomware Processes: