Ransed Ransomware is an infection that, at the time of analysis, was not fully functional. Although this infection has the potential to encrypt files and request a ransom in return for a decryptor, the C&C server used by the developer of this infection is down. According to our researchers, the only server the threat is likely to connect to is ransed.ddns.net, but since this server is down, all that the infection can do is show the “A friendly message” pop-up indicating that the server is offline. Has the server been taken down permanently, or will it be restored? Unfortunately, we do not know this, and so we cannot predict whether or not the malicious ransomware will start spreading. If it does, you have to be prepared to fight against and, potentially, delete Ransed Ransomware.
Did you know that Ransed Ransomware is not the first infection to not work the way it is supposed to? BrainLag Ransomware, Unikey Ransomware, and Spectre Ransomware are other infections that are just as helpless. Of course, we must remember that although they do not work now, they could become dangerous in the future. Since these infections are not working properly, our knowledge regarding their activity is limited as well. For example, we cannot know for sure how Ransed Ransomware would spread if it was activated. Now, considering that the launchers of ransomware threats are usually spread via corrupted spam emails, it is possible that this is how the creator of this threat is thinking about spreading it as well. So, if you do not want to be exposed to malware, we suggest deleting spam emails that are sent by unfamiliar parties. Also, remember that spam emails can be convincing and misleading.
If Ransed Ransomware managed to attack, it should encrypt files with these extensions: .7z, .7zip, .asp, .aspx, .avi, .bmp, .c, .cpp, .cs, .css, .csv, .db, .doc, .docx, .gif, .h, .html, .jar, .jpg, .jpeg, .mdb, .mp3, .mp4, .mus, .ogg, .odt, .php, .png, .ppt, .pptx, .psd, .rar, .sln, .sql, .txt, .wav, .wave, .wmv, .xml, .xls, .xlsx, and .zip. If such files are stored on the infected computer, all of them should be encrypted using the AES-128 encryption algorithm. This algorithm is very complex, and deciphering it manually is basically impossible. Of course, the decryption of files is possible because a decryption key is created. The problem is that this key is in the hands of people who have developed the ransomware, and they are using it as leverage when introducing the victim to ransom demands. At the time of research, the infection could not display these demands, but our research team has found that a fee of $25 would be asked. At this moment, we do not have any other details regarding the payment.
The malicious ransomware is also known for creating the HKEY_CURRENT_USER\RANSED key in the Windows Registry. The entry name should be “key,” and the value should show a string of 32 characters. According to our research, the same key could be used for the decryption of the files if encryption occurred. However, if it did, the C&C server would have to be up, and if it was, the key would probably be deleted, leaving the victim without this option. What if Ransed Ransomware encrypted your files and forced you to pay a ransom? You have to choose what to do yourself, but keep in mind that cyber criminals cannot be held accountable if they do not give you a decryption key after you pay the ransom.
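A triage check for the indicators named above, added here as an example and not taken from the researchers' own tooling: it parses saved `reg query HKCU\RANSED` output and DNS log lines, and keeps the 32-character “key” string so it can be preserved before any cleanup. The function names, the DNS log layout and the sample input are constructed for illustration, and the registry value type is not stated in the article, so any `REG_*` type is accepted.

```python
import re

# Indicators named in the article text.
REG_KEY = r"HKEY_CURRENT_USER\RANSED"
VALUE_NAME = "key"
C2_RE = re.compile(r"(?<![\w-])ransed\.ddns\.net", re.I)
# A value line of `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {value_name: data} for the RANSED key, or None if the key is absent."""
    values, seen, in_key = {}, False, False
    for line in text.splitlines():
        head = line.strip().upper()
        if head.startswith("HKEY_"):
            in_key = head == REG_KEY.upper()  # ignore subkeys and other keys
            seen = seen or in_key
            continue
        m = VALUE_LINE.match(line)
        if in_key and m:
            values[m.group(1)] = m.group(3).strip()
    return values if seen else None

def triage(reg_output, dns_log_lines):
    """Summarise findings; saved_key is only set for a 32-character string."""
    values = parse_reg_query(reg_output)
    key = (values or {}).get(VALUE_NAME)
    return {
        "registry_key_present": values is not None,
        "saved_key": key if key is not None and len(key) == 32 else None,
        "c2_lookups": [l for l in dns_log_lines if C2_RE.search(l)],
    }

# Constructed sample input (not captured from a real infection).
SAMPLE_REG = (
    "\r\nHKEY_CURRENT_USER\\RANSED\r\n"
    "    key    REG_SZ    " + "A1b2C3d4" * 4 + "\r\n\r\n"
)
SAMPLE_DNS = [
    "2024-01-01T10:00:00 host1 query A www.example.com",
    "2024-01-01T10:00:05 host1 query A ransed.ddns.net",
]

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_DNS))
```

Save the reported `saved_key` string somewhere off the affected machine before removing anything, since the article notes that the same key could be used for decryption.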
Based on our findings, the removal of Ransed Ransomware should not be complicated. Having said that, this infection could evolve into something different, and so we cannot promise you that the guide below will guarantee success. If you decide to follow this manual removal guide, you MUST run a full system scan after you take all steps. Also, note that your files will not be decrypted even if you delete Ransed Ransomware completely. Have you thought about utilizing an anti-malware tool? It not only ensures the removal of existing threats but also can help you keep your operating system protected in the future!