Infinity Group - RAA Ransomware

Cyber Security alert – RAA ransomware virus

Cyber Security alert – RAA ransomware virus2017-04-12T15:38:23+00:00

Written by Matt Hartfield, Technical Director – 4th July 2016

What exactly is ransomware?

It’s a malicious computer virus that threatens to destroy your files or online reputation if you don’t pay the large fines set out by the criminals that create them. There is no guarantee that once you pay the fines your files will be returned and you may likely be targeted again.

The RAA ransomware virus

RAA is a new strain of ransomware that’s recently been discovered by security researchers. It’s disguised as a document attached to an email that once opened automatically starts encrypting files.

Unlike other ransomware viruses, RAA is coded entirely in javascript; which increases its chances of being activated because Javascript documents don’t always trigger a security warning on some operating systems nor require administrator access to run.

What are the consequences?

If a user does open the RAA ransomware file it will automatically encrypt all files and display a Russian ransom note on screen along with a set cost to restore all files. The only way to retrieve your files is to use a system backup or pay the fine to the hackers and keep your fingers crossed that you get your files back.

Here’s some useful tips to help protect your company from RAA ransomware attacks

  • We advise that awareness of the new RAA ransomware is made public within companies so employees are aware of it and are wary of opening attachments especially with a .js extension.
  • Ensure all company Antivirus software is active and kept up to date
  • Windows can be programmed not to start the “Windows Based Script Host” when a .js file is double-clicked. We recommend this is implemented on all Windows machines.
  • We also advise that macro enabled documents (such as .docm and .xlsm) are proceeded with great caution.

If you are looking to improve cyber security within your company to ensure malware attacks are kept at bay, please get in touch with one of our dedicated security consultants who would be pleased to discuss your needs in more detail.

We also supply Sophos Intercept X which is one of the most powerful endpoint protection products on the market at present. Click here to learn more about this fantastic product.

Share

You might also like...