
Top Story: Frightening ransomware now encrypts files even when you're offline


Ransomware is no joke. We've been warning you for some time now that ransomware is becoming a favorite for cybercriminals. Security experts are finding new forms of ransomware targeting victims almost every week.

Earlier this year we told you about a newly discovered form of ransomware called RAA. Now, RAA has evolved into a more effective and dangerous threat.

When RAA was first discovered it was expected to spread more rapidly than any other ransomware. That's because it's coded using JavaScript, which means it could spread at an unprecedented rate. RAA hides in an infected document that begins to encrypt your system as soon as the file is opened.

Windows machines typically block .exe and .bat files from running automatically. However, .js files are not blocked. This means that if you're using Windows on your computer, the mere act of opening the file is enough to set the code into action and immediately encrypt your files.

Cybercriminals have made a change to RAA that makes it even scarier. This ransomware is still distributed by email; however, the malicious code is now hidden in a password-protected Zip attachment. This makes it more difficult for anti-virus software to find.
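An added example (not from the original article): a mail-gateway style check that triages a Zip attachment without its password, relying on the fact that standard Zip encryption leaves file names readable in the archive's central directory. The extension list, verdict names and sample file names are assumptions, and the sample archives are constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows hands to a script host on open (assumed triage list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
ENCRYPTED_BIT = 0x1  # general-purpose flag bit 0: entry is password protected


def triage_zip(data: bytes) -> dict:
    """Classify a Zip attachment from its central directory, without the password."""
    encrypted, scripts = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_BIT:
                encrypted.append(info.filename)
            if PurePosixPath(info.filename).suffix.lower() in SCRIPT_EXTS:
                scripts.append(info.filename)
    if encrypted and scripts:
        verdict = "quarantine"  # content cannot be scanned and it carries a script
    elif encrypted or scripts:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "encrypted": encrypted, "scripts": scripts}


def build_sample(names, mark_encrypted=False) -> bytes:
    """Constructed test input: a small Zip, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed placeholder content")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # zipfile cannot write encrypted archives, so set flag bit 0 in each
        # central directory header (signature PK\x01\x02, flags at offset 8).
        pos = raw.find(b"PK\x01\x02")
        while pos != -1:
            raw[pos + 8] |= ENCRYPTED_BIT
            pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    print(triage_zip(build_sample(["overdue_invoice.doc.js"], mark_encrypted=True)))
    print(triage_zip(build_sample(["report.txt"])))
```
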

Also, the attackers are targeting businesses more than individuals due to a higher payout potential. The victims receive an email claiming to be about an overdue payment owed to a supplier. Information about the phony payment request is hiding in the infected Zip file.

Once the victim opens the Zip file, the ransomware begins to install. While RAA is being installed, a text document is displayed to distract the victim. When the installation is complete, a ransom note appears saying your files have been encrypted.

The newest version of RAA is more effective because it does not need to communicate with the command and control (C&C) server to encrypt the victims' files. A Trojan generates its own master keys on the infected gadgets instead of requesting them from the C&C. This means even machines that are offline can be infected.

If a PC is infected, on top of having files encrypted, RAA also delivers a Pony Trojan. This is malware that can steal login credentials, which could let hackers spread the Trojan to the victims' contacts.

 

Source: ZDNet