RaaSberry Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 17,008 |
Threat Level: | 100 % (High) |
Infected Computers: | 68 |
First Seen: | July 14, 2017 |
Last Seen: | June 26, 2023 |
OS(es) Affected: | Windows |
The RaaSberry Ransomware is a ransomware project that was first observed on July 14, 2017. The RaaSberry Ransomware is a RaaS (Ransomware as a Service) platform that is used to allow con artists to carry out ransomware attacks easily and effectively, without having to develop the ransomware Trojan themselves. The RaaSberry Ransomware was announced on the Dark Web, and the con artists that want to take advantage of the RaaSberry Ransomware platform have various options on the types of products and attacks that they can purchase. The RaaSberry Ransomware represents a real threat to computer users, and steps should be taken to eradicate this and other threats immediately.
Table of Contents
The RaaSberry Ransomware Trojan and Its RaaS Campaign
There are several packages priced differently, allowing con artists to carry out different levels of attacks. There are packages named Plastic, Bronze, Silver, Gold, and Platinum, each offering the con artists a different level of access and support. The cheapest version of the RaaSberry Ransomware can be purchased for $60 USD, while the most expensive costs $650 USD. The prices are listed using BitCoins, which is the preferred currency used for these illicit enterprises because it offers the con artists using it anonymously.
The people that purchase a RaaSberry Ransomware package receive technical support and resources for creating Command and Control servers, which are used by the RaaSberry Ransomware to communicate with its operators. The con artists providing the RaaSberry Ransomware do not handle distribution, and those purchasing the RaaSberry Ransomware may choose their preferred method, which could include spam email attachments, corrupted online links, directly hacking into computers or countless other ways of delivering threats to victims. However, the servers required to support the RaaSberry Ransomware attack and handle payment issues are handled by the RaaS providers.
How the RaaSberry Ransomware Attack Works
Like other ransomware Trojans, the RaaSberry Ransomware is designed to encrypt the victims' files, and then demand the payment of a ransom. The RaaSberry Ransomware will infect all computers running the Windows operating system, going as far back as Windows XP and operating system versions as recent as Windows 10. The RaaSberry Ransomware uses the AES and RSA encryptions to make the victim's files inaccessible, making it nearly impossible to recover the files encrypted by the RaaSberry Ransomware attack. After encrypting the victim's files, the RaaSberry Ransomware will display a ransom message, which alerts the computer user of the attack and demands the payment of a ransom. The RaaSberry Ransomware RaaS offers multi language support, offering customers the choice between the following languages for its ransom note: English, Mandarin, Hindi, Portuguese, Arabic, Spanish, Russian, Vietnamese, Japanese, Italian, German, French, Tamil, Korean and Punjabi.
In its attack, the RaaSberry Ransomware will encrypt files with certain file extensions. The following are examples of file types that may be targeted in these attacks, made inaccessible through the RaaSberry Ransomware's encryption algorithm:
.aif, .apk, .arj, .asp, .bat, .bin, .cab, .cda, .cer, .cfg, .cfm, .cpl, .css, .csv, .cur, .dat, .deb, .dmg, .dmp, .doc, .docx, .drv, .gif, .htm, .html, .icns, .iso, .jar, .jpeg, .jpg, .jsp, .log, .mid, .mp3, .mp4, .mpa, .odp, .ods, .odt, .ogg,.part, .pdf, .php, .pkg, .png, .ppt, .pptx, .psd, .rar, .rpm, .rss, .rtf, .sql, .svg, .tar.gz, .tex, .tif, .tiff, .toast, .txt, .vcd, .wav, .wks, .wma, .wpd, .wpl, .wps, .wsf, .xlr, .xls, .xlsx, .zip.
Protecting Your Data from Threats Like the RaaSberry Ransomware
The best protection against the RaaSberry Ransomware and other ransomware Trojans is to have backup copies of your files. Having backup copies means that con artists will not have the power to demand that you pay a ransom since you could simply restore the files from the backup copy. Apart from a backup system, a dedicated security program that is fully up to date should be used to protect your computer from the RaaSberry Ransomware and other ransomware threats.