There has been a new data-locking Trojan spotted in the wild – the RAGA Ransomware. It is not clear whether the RAGA Ransomware belongs to any of the existing ransomware families.
Propagation and Encryption
Cybercriminals who create and distribute ransomware threats often opt to use phishing emails as the main infection vector. This means that the authors of the threat would create a fraudulent message and attach a macro-laced file, or include a corrupted attachment to compromise the targeted user's system. Apart from spam emails, the cyber crooks may choose to use several other popular propagation techniques:
- Torrent trackers.
- Fraudulent social media profiles and pages.
- Bogus software downloads and updates.
- Corrupted advertisements online.
Regardless of the infection vector, once the RAGA Ransomware manages to infiltrate your computer, it will begin locking your files using an encryption algorithm. This will result in all your images, audio files, videos, documents, presentations, spreadsheets, databases, and archives being locked and, therefore, unusable. When the RAGA Ransomware encrypts a file, it also renames it by appending a '.[<VICTIM ID>].[firstname.lastname@example.org]. RAGA' extension to the file's name. For example, a file named 'golden-locks.mp3' will be renamed to 'golden-locks.mp3.[<VICTIM ID>].[email@example.com]. RAGA.' Every affected user gets assigned a unique victim ID.
The Ransom Note
After completing the encryption process, the RAGA Ransomware drops a ransom note named 'readme-warning.txt.' In the ransom message, the attackers fail to mention a specific fee that the user needs to pay to purchase the decryption key they need to recover their data. The ransom note states that the user's files cannot be decrypted unless they obtain the decryptor offered by the attackers. The authors of the RAGA Ransomware offer to unlock one file for free. The perpetrators demand to be contacted via email and provide an email address for this purpose – 'firstname.lastname@example.org.'
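The renaming scheme and the note name described above are enough to scope an incident from file names alone. The following Python is an added example, not part of the original article: it walks a directory read-only, groups renamed files by victim ID, recovers their original names, and lists ransom note locations. The function names, the sample victim ID and the sample address are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Pattern from the article: <original name>.[<VICTIM ID>].[<contact email>].RAGA
# Assumptions: ID and email contain no ']', matching is case-insensitive, and
# whitespace before "RAGA" is tolerated because the article prints a space there.
RAGA_NAME = re.compile(
    r"^(?P<original>.+)\.\[(?P<victim_id>[^\]]+)\]"
    r"\.\[(?P<contact>[^\]@]+@[^\]]+)\]\.\s*RAGA$",
    re.IGNORECASE)
RANSOM_NOTE = "readme-warning.txt"  # note file name given in the article

def parse_raga_name(filename):
    """Return (original_name, victim_id, contact), or None if the name does not match."""
    m = RAGA_NAME.match(filename)
    return (m["original"], m["victim_id"], m["contact"]) if m else None

def scan_tree(root):
    """Walk root without modifying it; return ({victim_id: [original paths]}, [note paths])."""
    hits, notes = defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_raga_name(name)
            if parsed:
                original, victim_id, _contact = parsed
                hits[victim_id].append(os.path.join(dirpath, original))
            elif name.lower() == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
    return dict(hits), notes

def demo():
    """Scan a constructed sample tree of empty placeholder files."""
    names = [
        "golden-locks.mp3.[A1B2C3D4].[contact@example.invalid].RAGA",  # constructed
        "budget.xlsx.[A1B2C3D4].[contact@example.invalid].RAGA",       # constructed
        "notes.txt",                                                   # unaffected file
        RANSOM_NOTE,
    ]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            open(os.path.join(root, name), "w").close()
        hits, notes = scan_tree(root)
        return {v: sorted(os.path.basename(p) for p in ps) for v, ps in hits.items()}, len(notes)

if __name__ == "__main__":
    print(demo())
```

More than one victim ID in the result suggests files from several infected machines, for example on a shared drive.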
It is not advisable to contact cybercriminals like the RAGA Ransomware's creators. Instead of giving cybercriminals your hard-earned cash, you should consider investing in a trustworthy, modern anti-virus software suite that will remove the RAGA Ransomware from your PC in no time.