EnigmaSoft Threat Scorecard
Threat Level: 80 % (High)
First Seen: June 15, 2016
Last Seen: November 11, 2020
There was a noticeable escalation in ransomware attacks in the spring and summer of 2016. The RAA Ransomware is a ransomware Trojan that encrypts its victims' files and then demands the payment of a ransom. PC security analysts strongly advise against paying the RAA Ransomware ransom. Fortunately, it appears that there is a decryption utility available that can help computer users recover the files encrypted by the RAA Ransomware without having to pay the ransom. The RAA Ransomware does not seem to be programmed particularly well, and it is probably the work of amateurs. Regardless, it is easy to mistake the RAA Ransomware for a more severe threat and pay the ransom instead of recovering the affected files with a decryption utility.
The Main Target of the RAA Ransomware Infection is Russian-Speaking Computer Users
The RAA Ransomware seems to be targeted towards Russian-speaking computer users, although the RAA Ransomware can infect computers outside of Russia. The RAA Ransomware's ransom note is named !!!README!!!.rtf, and alerts the computer user that the files were encrypted using an AES-256 encryption algorithm. The RAA Ransomware demands that computer users send their personal ID number to the email address RAAemail@example.com to receive payment instructions. The RAA Ransomware demands the payment of $250 USD for the decryption key and offers to decrypt a few of the victim's files. The RAA Ransomware may be distributed using corrupted email attachments. Files encrypted using the RAA Ransomware will have the extension '.LOCKED'. The RAA Ransomware targets the following file extensions:
.doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar, .csv.
If the file path contains one of the following strings, the RAA Ransomware skips those files:
Windows, RECYCLER, Program Files, Program Files (x86), Recycle.Bin, APPDATA, TEMP, ProgramData, and Microsoft.
*** ATTENTION! ***
Your files have been encrypted virus the RAA.
For encryption was used algorithm AES-256, which used to protect information of state secrets.
This means that data can be restored only by purchasing a key from us.
Buying key - a simple deed.
All you need to:
1. Send your ID E993A9FD-C5D9-4128-AF38-71A54E1258DA to the postal address
2. Test decrypt few files in order to make sure that we do have the key.
3. Transfer 0.39 BTC ($ 250) to Bitcoin-address
For information on how to buy Bitcoin for rubles with any card -
4. Get the key and the program to decrypt the files.
5. Take measures to prevent similar situations in the future.
Do not attempt to pick up the key, it is useless, and can destroy your data permanently.
If the specified address (the RAAfirstname.lastname@example.org) you have not received a reply within 3 hours, you can use the service for communication Bitmessage (our address - BM-2cVCd439eH5kTS9PzG4NxGUAtSCxLywsnv).
More details about the program - https://bitmessage.org/wiki/Main_Page
We CAN NOT long keep your All keys, for which no fee has been paid, are removed within a week after infection.
README files located in the root of each drive
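The indicators this write-up lists (the !!!README!!!.rtf note, the '.LOCKED' extension, the targeted extensions and the skipped path strings) can be turned into a triage scan; the Python below is an added example, not code from EnigmaSoft or SpyHunter. It assumes '.LOCKED' is appended after the original extension and that the skip strings match as case-insensitive substrings; the function names and sample paths are constructed for illustration.

```python
import os
from pathlib import Path

# Indicators as listed in the write-up above (lower-cased for matching).
NOTE_NAME = "!!!readme!!!.rtf"
LOCKED_EXT = ".locked"
TARGET_EXTS = {".doc", ".xls", ".rtf", ".pdf", ".dbf", ".jpg", ".dwg", ".cdr",
               ".psd", ".cd", ".mdb", ".png", ".lcd", ".zip", ".rar", ".csv"}
SKIP_STRINGS = ("windows", "recycler", "program files", "program files (x86)",
                "recycle.bin", "appdata", "temp", "programdata", "microsoft")


def classify(rel_path):
    """Return "note", "locked", "locked-unexpected" or None for one path."""
    p = Path(rel_path)
    if p.name.lower() == NOTE_NAME:
        return "note"
    if p.suffix.lower() != LOCKED_EXT:
        return None
    # Assumption: '.LOCKED' is appended after the original extension.
    original_ext = Path(p.stem).suffix.lower()
    # Assumption: the skip check is a case-insensitive substring match on the path.
    skipped = any(s in str(p).lower() for s in SKIP_STRINGS)
    if original_ext in TARGET_EXTS and not skipped:
        return "locked"
    return "locked-unexpected"  # does not fit the targeting rules described


def scan(root):
    """Walk root and group matching paths (relative to root) by classification."""
    hits = {"note": [], "locked": [], "locked-unexpected": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            rel = os.path.relpath(os.path.join(dirpath, fname), root)
            kind = classify(rel)
            if kind:
                hits[kind].append(rel)
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real incident.
    for sample in ("!!!README!!!.rtf", "Users/a/report.doc.LOCKED",
                   "Windows/x.pdf.LOCKED", "Users/a/notes.txt"):
        print(sample, "->", classify(sample))
```

Run `scan` against a drive root or a mounted image; "locked-unexpected" hits do not match the targeting rules described here and may come from something other than the RAA Ransomware.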
Preventing the RAA Ransomware Attacks
Malware researchers strongly advise against paying the RAA Ransomware ransom. When dealing with these threats, it is important to take preventive measures. Malware researchers also advise computer users to back up their files on an external device. It is also essential that computer users run a reliable, fully up-to-date security application to prevent threats like the RAA Ransomware from entering a computer. A good anti-spam filter and good security practices can also prevent computer users from opening corrupted email attachments containing threats like the RAA Ransomware.