The Rapid RaaS is a Ransomware as a Service platform that has been associated with the Rapid 2.0 Ransomware and several other encryption ransomware Trojans. The Rapid RaaS is sophisticated but smaller in scope than many other encryption ransomware platforms that are currently active. PC security researchers have observed activity associated with the Rapid RaaS dating back to January 2018. The Rapid RaaS started drawing attention after advertisements associated with it began appearing on the Dark Web, looking for people to join the criminals' team. The advertisement was posted on forums for Russian speakers and included details about the ransomware builder used with the Rapid RaaS platform.
The Rapid RaaS and Its Associated Trojans
The newest versions of the Trojan associated with the Rapid RaaS first appeared in August 2018 and are written in C++. This Trojan is capable of carrying out attacks offline and has several features associated with other threats, including advanced encryption and persistence features. However, at its core, there is nothing to separate the Rapid RaaS from the many other encryption ransomware Trojans that are currently active; it uses a strong encryption algorithm to make the victim's files inaccessible and then demands a ransom payment from the victim to restore the affected files. The file types that variants in the Rapid RaaS family will target include:
.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.
Characteristics of the Rapid RaaS Platform
One advertised aspect of the Rapid RaaS is that it performs encryption on multiple threads; the advertisement also claims that each variant produced using the Rapid RaaS's ransomware builder has a unique decryption program. The advertisement claims that people being hired into the team are expected to create profits within a couple of weeks. The Rapid RaaS's developers receive a quarter of all profits generated using the Rapid RaaS. The Rapid RaaS team seems to be attempting to find clients for their platform while disguising this as a supposed search for new team members.
How Computer Users can Protect Their Data from the Threats Associated with the Rapid RaaS
The Rapid RaaS, at its core, does not have anything that differentiates it from the many other encryption ransomware platforms that are active today. Because of this, the best method to combat ransomware attacks, as with other threats of this type, is to have file backups. Having file backups can help victims of a Rapid RaaS attack recover their data by restoring it from the backup. In fact, if enough computer users have file backups, threats like those produced by the Rapid RaaS would become obsolete since the criminals responsible for these threats would no longer be able to generate profits.
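
The backup advice has a catch that is visible in the target list above: it includes backup formats such as .bak, .tib and .gho, so backups kept where the infected account can write to them can be encrypted along with the originals. The following Python script is an added example, not part of the original article; which of the listed extensions count as backup formats, and the function names, are this example's assumptions.

```python
import os
import sys

# Extensions copied from the article's target list. Treating these as
# "backup formats" is this example's assumption, not the article's claim.
BACKUP_EXTS = frozenset(
    ".tib .tbk .bak .bac .abk .ashbak .backup .bck .bkf .bkp .bup .gho".split()
)

def audit_backups(data_root, backup_roots):
    """Return one finding per backup-format file found under backup_roots.

    writable    -> the current user can modify the file, so anything running
                   as this user could overwrite it
    same_volume -> the backup sits on the same device as the data it protects
    """
    data_dev = os.stat(data_root).st_dev
    findings = []
    for root in backup_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in sorted(files):
                # Compare case-insensitively: DB.BAK and db.bak are the same type.
                if os.path.splitext(name)[1].lower() not in BACKUP_EXTS:
                    continue
                path = os.path.join(dirpath, name)
                findings.append({
                    "path": path,
                    "writable": os.access(path, os.W_OK),
                    "same_volume": os.stat(path).st_dev == data_dev,
                })
    return findings

def exposed(findings):
    """Paths of backups the current account could modify."""
    return [f["path"] for f in findings if f["writable"]]

if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: audit.py DATA_ROOT BACKUP_ROOT [BACKUP_ROOT ...]")
    for f in audit_backups(sys.argv[1], sys.argv[2:]):
        flags = [k for k in ("writable", "same_volume") if f[k]]
        print(f["path"], ",".join(flags) or "ok")
```

A backup flagged as both writable and same_volume offers little protection; copies kept offline or on storage the everyday account cannot write to are the ones that survive.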