Why Is It So Dangerous?
A New Trend
What Happens When a RAA Email Is Opened?
When an email containing the RAA ransomware is opened, the program encrypts important files on the victim’s computer so that the person is essentially locked out of those files. RAA then displays the ransom message (reported to be in Russian in this case) which demands that the victim pays $250 to reverse the encryption and release the files.
As well as locking the files and posting a ransom demand, RAA also extracts embedded password stealing malware called 'Pony' from the .js file and installs it onto the affected computer.
What Does This Mean For Your Business?
Clearly businesses need to raise awareness among staff that they all need to be very careful about opening emails with attachments and / or emails from sources that are not familiar.
Keeping computer updates, patches, and anti virus software up to date is also very important.
Having a reliable, secure back up of your important files and folders is also advisable if not essential in today’s business environment. It is also possible to instruct Windows not to start the Windows Based Script Host when a .js file is double-clicked, thus potentially stopping the RAA file from installing.
If your computer is infected by RAA be aware that there is currently no way to reverse the RAA encryption without paying the ransom, although paying the ransom in these cases is not advisable.