Frightening new ransomware now encrypts files even when you’re offline

By Mark Jones

Ransomware is no joke. We’ve been warning you for some time now that ransomware is becoming a favorite for cybercriminals. Security experts are finding new forms of ransomware targeting victims almost every week.

Earlier this year we told you about a newly discovered form of ransomware called RAA. Now, RAA has evolved into a more effective and dangerous threat.

When RAA was first discovered it was expected to spread more rapidly than any other ransomware. That’s because it’s coded using JavaScript, which means it could spread at an unprecedented rate. RAA hides in an infected document that begins to encrypt your system as soon as the file is opened.

Windows machines typically block .exe and .bat files from running automatically. However, .js files are not blocked. This means that if you’re using Windows on your computer, the mere act of opening the file is enough to set the code into action and immediately encrypt your files.

Cybercriminals have made a change to RAA that makes it even scarier. This ransomware is still distributed by email; however, the malicious code is now hidden in a password-protected Zip attachment. This makes it more difficult for anti-virus software to find.

Also, the attackers are targeting businesses more than individuals due to a higher payout potential. The victims receive an email claiming to be about an overdue payment owed to a supplier. Information about the phony payment request is hiding in the infected Zip file.

Once the victim opens the Zip file, the ransomware begins to install. While RAA is being installed, a text document is displayed to distract the victim. When the installation is complete, a ransom note appears saying your files have been encrypted.
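A mail gateway can still triage the password-protected Zip attachment described above without the password, because entry names and the per-entry "encrypted" flag are readable in the archive's directory. The sketch below is an added example, not code from the article or its source; the extension list, the function names and the quarantine/review/deliver policy are assumptions, and the sample archives are constructed and harmless.

```python
import io
import zipfile

# Assumed list of script extensions that Windows runs on double-click.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")

def triage_zip(data: bytes) -> list:
    """List risky entries. Entry names sit in the ZIP central directory, which
    classic password protection leaves readable even though contents are encrypted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose bit 0
            script = info.filename.lower().endswith(SCRIPT_EXTS)
            if encrypted or script:
                findings.append({"name": info.filename,
                                 "encrypted": encrypted, "script": script})
    return findings

def verdict(data: bytes) -> str:
    """Policy (assumed): quarantine encrypted scripts, review anything else risky."""
    try:
        findings = triage_zip(data)
    except zipfile.BadZipFile:
        return "review"  # unparseable archive: do not deliver unchecked
    if any(f["encrypted"] and f["script"] for f in findings):
        return "quarantine"
    return "review" if findings else "deliver"

def constructed_sample(name: str, encrypted: bool) -> bytes:
    """Build a harmless one-entry ZIP; optionally set the 'encrypted' flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01                             # flags in local file header
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x01  # flags in central directory
    return bytes(raw)

if __name__ == "__main__":
    for name, enc in [("payment_details.js", True), ("report.txt", True),
                      ("notes.txt", False)]:
        print(name, enc, "->", verdict(constructed_sample(name, enc)))
```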

The newest version of RAA is more effective because it does not need to communicate with the command and control (C&C) server to encrypt the victims’ files. The Trojan generates its own master keys on the infected machines instead of requesting them from the C&C. This means even machines that are offline can be infected.

If a PC is infected, on top of having files encrypted, RAA also delivers a Pony Trojan. This is malware that can steal login credentials, which could let hackers spread the Trojan to the victims’ contacts.



Data Source: http://bit.ly/2enZj4s
