Ransomware is no joke. We've been warning you for some time now that ransomware is becoming a favorite for cybercriminals. Security experts are finding new forms of ransomware targeting victims almost every week.
Earlier this year we told you about a newly discovered form of ransomware called RAA. Now, RAA has evolved into a more effective and dangerous threat.
Windows machines typically block .exe and .bat files from running automatically. However, .js files are not blocked. This means that if you're using Windows, the mere act of opening a malicious .js file is enough to set its code into action, because Windows runs the script through Windows Script Host by default, and immediately encrypt your files.
Cybercriminals have made a change to RAA that makes it even scarier. This ransomware is still distributed by email. However, the malicious code is now hidden in a password-protected Zip attachment. This makes it harder for anti-virus software to detect, because a scanner cannot inspect the encrypted contents without the password.
Also, the attackers are targeting businesses more than individuals due to a higher payout potential. The victims receive an email claiming to be about an overdue payment owed to a supplier. The information about the phony payment request is supposedly in the infected Zip file.
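For mail administrators, the password-protected Zip delivery described above can still be checked at the gateway. The following is an added example, not code from the original article or from any anti-virus product: it assumes the attachment uses standard ZIP encryption, which leaves file names and the per-file "encrypted" flag readable without the password. The extension list, function names and sample files are assumptions made for illustration.

```python
import io
import os
import zipfile

# Extensions that Windows runs as scripts when double-clicked (assumed policy list).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}


def triage_zip_attachment(data: bytes) -> list[dict]:
    """List archive members that are scripts and/or encrypted.

    Standard ZIP encryption protects member contents only. File names and the
    per-member "encrypted" flag (general-purpose bit 0) stay readable in the
    central directory, so this check needs no password.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            encrypted = bool(info.flag_bits & 0x1)
            script = ext in SCRIPT_EXTENSIONS
            if encrypted or script:
                findings.append(
                    {"name": info.filename, "encrypted": encrypted, "script": script}
                )
    return findings


def should_quarantine(data: bytes) -> bool:
    """True when a script member is encrypted, so a scanner cannot inspect it."""
    return any(f["encrypted"] and f["script"] for f in triage_zip_attachment(data))


def build_sample(name: str, encrypted: bool) -> bytes:
    """Constructed test input: a harmless one-file ZIP, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, "placeholder text, not real malware")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= 0x01                            # flag bit 0 in the local file header
        raw[raw.find(b"PK\x01\x02") + 8] |= 0x01  # same bit in the central directory
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in [("invoice.js", True), ("invoice.js", False), ("notes.txt", True)]:
        print(name, enc, should_quarantine(build_sample(name, enc)))
```

Archive formats that also encrypt their file listing hide the names, so a gateway would need a separate rule for archives it cannot list at all.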
Once the victim opens the Zip file, the ransomware begins to install. While RAA is being installed, a text document is displayed to distract the victim. When the installation is complete, a ransom note appears saying your files have been encrypted.
The newest version of RAA is more effective because it does not need to communicate with the command and control (C&C) server to encrypt the victims' files. The Trojan generates its own master keys on the infected devices instead of requesting them from the C&C. This means even machines that are offline can be infected.
If a PC is infected, on top of having files encrypted, RAA also delivers a Pony Trojan. This is malware that can steal login credentials, which could let hackers spread the Trojan to the victims' contacts.