As an IT Support Company in Hertfordshire we keep up to date with the latest developments in the world of data and cyber security. One of the growing trends over the last 6 months has been an increase in the use of malware, and particularly ransomware. So-called ‘ransomware’ is a type of malware that encrypts important files on the victim’s computer so that the person is essentially locked out of those files. The victim is then sent a demand for money to release the files.
RAA - A New Type of Ransomware
What Happens When a RAA Email Is Opened?
When an email containing RAA is opened, the program encrypts important files on the victim’s computer. RAA then displays the ransom message (reported to be in Russian in this case), which demands that the victim pays $250 to reverse the encryption and release the files.
As well as locking the files and posting a ransom demand, RAA also extracts embedded password-stealing malware called Pony from the .js file and installs it onto the affected computer.
What Does This Mean For Your Business?
Clearly, businesses need to raise awareness among staff that they all need to be very careful about opening emails with attachments and/or emails from sources that are not familiar. Keeping computer updates, patches, and antivirus software up to date is also very important. Having a reliable, secure backup of your important files and folders is also advisable, if not essential, in today’s business environment. It is also possible to instruct Windows not to start the Windows Based Script Host when a .js file is double-clicked, thus potentially stopping the RAA file from installing. If your computer is infected by RAA, be aware that there is currently no way to reverse the RAA encryption without paying the ransom, although paying the ransom in these cases is not advisable.
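One way to apply the Script Host change described above, shown as an added example rather than anything from the original article: a PowerShell script that reports which program opens double-clicked script files and, with `-Fix`, re-points those handled by Windows Script Host to Notepad. The extension list beyond .js and the choice of Notepad as the replacement handler are assumptions.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Audits the machine-wide handler for script file types; with -Fix, any type that
# opens in Windows Script Host (wscript.exe / cscript.exe) is re-pointed to Notepad.
param([switch]$Fix)

# Assumption: extensions worth checking. The article itself names only .js.
$extensions = '.js', '.jse', '.vbs', '.vbe', '.wsf'
$classes    = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
$notepad    = '"{0}\System32\notepad.exe" "%1"' -f $env:SystemRoot

foreach ($ext in $extensions) {
    # .ext -> ProgID (for example JSFile) -> shell\open\command
    $extKey = Get-Item -LiteralPath "$classes\$ext" -ErrorAction SilentlyContinue
    $progId = if ($extKey) { $extKey.GetValue('') } else { $null }
    if (-not $progId) {
        [pscustomobject]@{ Extension = $ext; ProgId = $null; Command = $null; OpensInWsh = $false }
        continue
    }

    $cmdPath = "$classes\$progId\shell\open\command"
    $cmdKey  = Get-Item -LiteralPath $cmdPath -ErrorAction SilentlyContinue
    $command = if ($cmdKey) { [string]$cmdKey.GetValue('') } else { '' }
    $usesWsh = $command -match '(?i)\\[wc]script\.exe'

    if ($Fix -and $usesWsh) {
        # Set-Item on a registry key writes that key's default value.
        Set-Item -LiteralPath $cmdPath -Value $notepad
        $command = $notepad
        $usesWsh = $false
    }

    [pscustomobject]@{
        Extension  = $ext
        ProgId     = $progId
        Command    = $command
        OpensInWsh = $usesWsh
    }
}

# Note: a per-user "Open with" choice stored under HKCU can override these
# machine-wide settings, so check affected user profiles as well.
```

Run it without `-Fix` first to see the current handlers. Legitimate logon or administration scripts that are launched by double-click will also open in Notepad after the change, while scripts started explicitly with wscript.exe or cscript.exe are unaffected.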