Cyber Security

New strain of RAA Ransomware virus encrypts offline machines

21st Sep 2016 | 3 min read

Email Phishing is the main delivery source of Ransomware viruses such as RAA, Zepto and Locky. However, surprising new figures from Juniper Research state that under one third of organisations actively monitor emails for Phishing attempts.

What is the new strain of RAA Ransomware?

The RAA Ransomware virus that emerged in June this year is still causing havoc to businesses around the world. However, in recent weeks the virus has been developed, and the data stealing ‘pony’ Trojan contained within can now install Malware to encrypt machines even if they’re offline. Learn more about the different types of Malware.

To make it much harder for anti-virus software to intercept the newer strain of the RAA virus, it now arrives via email in a password protected ZIP file (previously it was delivered in a standard Zip file). To further optimise the delivery rate, hackers now make the emails containing the malware sound less alarming to recipients as they mention that ‘due to security reasons’ the file attached has been protected.

What is The Pony Trojan?

The ‘Pony’ Trojan contained in the new strain of this virus is a form of data stealing Malware that’s capable of stealing the users login credentials.
For hackers, the ability to get their hands on corporate credentials is like gold dust. As login credentials provide the opportunity for them to use legitimate business accounts to easily spread the Trojan to a much wider audience within a business and increase their criminal bank balance. Login credentials are worth a lot of money and will likely be sold to other cyber criminals. This will likely mean that the original recipient may be targeted for a second or third time.

RAA Ransomware now targets businesses only

But last and probably most importantly, the first strain of the RAA Virus targeted all users both domestic and business. However, the focus has now switched to businesses only because the ransom set out can be much higher and seeing as the level of inconvenience is much greater and more credentials can be obtained, so are the chances of the ransom being paid.
There are several things your business can do to help prevent Malware Phishing attacks. The first starts with employee awareness as explained in our previous blog post. You could also undertake the Government backed Cyber Essentials Scheme.
For larger businesses we also stock a range of state of the are Malware protection from both Sophos and WatchGuard that can detect and prevent most Malware attacks. Intercept X from Sophos is one of the best on the market at present. Please get in touch to find out more.

Related blogs you may find useful

We would love to hear from you

Our specialist team of consultants look forward to discussing your requirements in more detail and we have three easy ways to get in touch.

Call us: 03301913473
Complete our contact form
LiveChat now: via the pop up

We would love
to hear from you_

Our specialist team of consultants look forward to discussing your requirements in more detail and we have three easy ways to get in touch.

Call us: 03454504600
Complete our contact form
Live chat now: Via the pop up