RAA Ransomware. Latest ransom is created by using Javascript entirely.

RAA Ransomware is yet another new development into the family of the malware attacks. Rasnomware keeps surprising with new, fast growing major upgrades and new advancements. And here is a new RAA Ransomware discovered by security researchers that is created by using Javascript (Jscript) entirely. Previously we had seen ransomware using NodeJSand wrapped inside an executable named Ransom32. The difference between RAA and Ransom32 is that RAA Ransomware is standard JS file, rather than executable delivery. Of course the purpose of all ransom is the same. It will hijack victims files by encrypting them and demand ransom usually in bitcoin. Files are encrypted using AES algorithm, adding file extension “.locked” at the end of the locked files. The ransom note is displayed to the victim along with “!!!README!!!<ID>.rtf” folder, asking affected users to contact via email address [email protected]

RAA Ransomware

RAA is still using the common way to be distributed. It comes to users computer system through spam emails attachments pretend to be doc files or compromised URLs. Once JS file is opened it will encrypt victims files and then demand them for a ~$250 USD to get the files back. Even worse, it will install  Pony password stealing malware. The target are files in value of the of the victims such as the following extensions:

.doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar, .csv

Security researchers confirmed that shadow copies are deleted so user can’t perform system restore. While ongoing encryption process RAA Ransomware will skip files already with .locked extension and or anything into the following folders:

Windows, RECYCLER, ProgramFiles(x64)(x86), Recycle.Bin, APPDATA, TEMP, ProgramData, Microsoft

Once executed it will scan all storage device and determine if user is with administrator profile so the virus can access files. When file is encrypted user will notice that .locked is appearing at the end of them. At this point, decrypting is unavailable and the only way to get your files back is by paying the cyber criminals. However security experts are always working on decryption tools so it is a matter of time for one to be developed. We do not recommend paying the ransom, because you will not only lose money to get back what’s lost, but also risk of losing valuable data anyway. Remove the virus as soon as possible with any anti-malware tool.

NOTE: The steps below might not work. We recommend using anti-malware tool to remove RAA Ransomware.

Now that you have been infected you have a few options:

Many suggest that you simply pay and hope that you will get all off your data back. However in this case you risk losing money and still being stuck with crypted files. We do not recommend this way simply because you will support the work of hackers and the more money thay get the stronger they will become.

The best option for you is if you have a backup, wipe your hard drive and perform system restore.

Use any type of anti malware software to remove RAA Ransomware.

NOTE: In this option the virus will be removed but the files will remain locked! You have to decrypt your files.

New research discovery shows how ransomware deletes files and substitute encrypted copy of them. It is not guaranteed, but it is a possibility that you may recover your files with data recovery software. Before trying to decrypt any files you can scan your computer for posible data loss.

Go here to find out how to recover deleted files.

Decrypt RAA Ransomware files.

Good news is that we can now use decryption programs. A lot of security companies like Kasperky lab, bitdefender and more has developed a program that is fully capable of decryption key for ransomware malware. You can find this programs anywhere on the internet but it is strongly suggested to download this programs from official websites. NOTE: It may take a long time for your files to be decrypted depending on your PC performance.

  • Name – RAA
  • Type Spamming – Malware, Ransomware, Trojan Horse
  • Danger Level – High
  • Brief Description – Encrypt files and demand ransom.
  • Symptoms – Poor pc performance or freezing, ransom massages.
  • Method – Via Trojan Horse or spam email.

How to remove “RAA Ransomware”

Short guide:

  1. Login as administrator.
  2. Go to control panel and uninstall any suspicious software.
  3. Use any type of anti malware software to remove RAA.
  4. Decrypt .locked  files.
  5. Delete all temporary files from disk cleanup.
  6. Restart your computer.

Note: Removing RAA Ransomware manually could be very risky and unpredictable!

Manual steps, how to remove “RAA”

Manual steps to remove ransomware or malware. How to prevent ransomware or malware.

For now, removing ransomware or malware manually will only be able for IT specialists. If you don't know one don't worry. We have a solution for you. Over here we will use Spyhunter to remove the virus. The Spyhunter anti-malware is a collection of programs that can be used to scan for malware and clean infected computers. You can also use full anti-malware program in this case which is the better option because it also offers protection.

How to remove "ransomware or malware"

NOTE: In this option the virus will be removed but the files will remain locked! You have to decrypt your files.
  1. Download Spyhunter anti-malware.
  1. 2.  After program has been downloaded, double-click to open it. User will have to install the program. Click on Spyhunter.exe to start the process.
User Account Control dialog may appear, asking you to allow the following program to make changes to this computer. Click "Yes" or "Run" to proceed with the installation. User can also choose variety of languages. Click Ok and the installation will begin with a welcome massage for Spyhunter. Click Next to continue to the next step. User will also have to accept Spyhunter license agreement by clicking on "I accept the agreement" and click Next. Spyhunter will ask user to read important information provided before continuing. Once done click on next to go to the next step. User can choose where to install the program. By default - C:Program FilesEnigma Software GroupSpyHunter. The process will continue and then Spyhunter will install. The installation process may take awhile, depending on a computer system performance. Once the installation is done, click Finish.
  1. 3. Update the software before scanning. Once program has been updated go to scan. You can choose from a free trial version or activate license. It is recommended to buy full version as the trial will not protect computer system.
  1. 4. The scan process will begin. The scan process may take awhile, depending on a computer system performance.
  1. 5. Once the scan is complete you can choose between delete or quarantine the viruses. The quarantine option is recommended and since the malware is active a reboot will be required to finish process.

Click here for guide of how to uninstall spyhunter.

Decrypt ransomware files.

Good news is that we can now use decryption programs. A lot of security companies like Kasperky lab, bitdefender and more has developed a program that is fully capable of decryption key for ransomware malware. You can find this programs anywhere on the internet but it is strongly suggested to download this programs from official websites. NOTE: It may take a long time for your files to be decrypted depending on your PC performance.