Demands $250, steals passwords for good measure
Researchers @jameswt_mht and @benkow_ found the ransomware they dubbed RAA.
Bleeping Computer malware man Lawrence Abrams described the ransomware, noting that it is shipped as a JS file and uses the CryptoJS library for AES encryption.
“RAA is currently being distributed via emails as attachments that pretend to be doc files and have names like mgJaXnwanxlS_doc_.js,” Abrams says.
“When the JS file is opened it will encrypt the computer and then demand a ransom of about US$250 USD to get the files back.
“To make matters worse, it will also extract the embedded password stealing malware called Pony from the JS file and install it onto the victim’s computer.”
The ransomware launches a Word document that appears to be corrupted, which serves to distract users while the malware encrypts files.
No means yet exist for free decryption.
Rule of thumb: do not open attachments unless you are absolutely sure the sender is valid and is actually sending you something you asked for.
We receive many emails with malware attachments from ***known*** users because they are irresponsible and do not secure their passwords or systems with strong passwords and anti-malware software. So even if you recognize the sender, do not assume it is safe.
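The attachment naming described above (a script file with a document word such as `_doc_` just before the `.js` extension) can be flagged at the mail gateway regardless of who the sender appears to be. The following is an added example, not code from the researchers or from Bleeping Computer; the extension blocklist, the lure word list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Script types Windows executes on double-click (assumed blocklist, extend as needed).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Document word used as a lure right before the real extension ("_doc_.js", ".pdf.js").
LURE = re.compile(r"(doc|docx|pdf|xls|xlsx|rtf)[\s._-]*$", re.IGNORECASE)

def classify(filename):
    """Return 'ok', 'script' or 'script-posing-as-document' for an attachment name."""
    name = filename.strip().rstrip(". ")  # Windows ignores trailing dots and spaces
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext.lower() not in SCRIPT_EXTS:
        return "ok"
    return "script-posing-as-document" if LURE.search(stem) else "script"

def scan_message(raw):
    """Return [(filename, verdict)] for every flagged attachment in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and classify(fname) != "ok":
            findings.append((fname, classify(fname)))
    return findings

def build_sample():
    """Constructed sample: harmless placeholder bytes under the file name quoted above."""
    m = EmailMessage()
    m["From"] = "billing@example.test"
    m["Subject"] = "Document attached"
    m.set_content("Please see the attached document.")
    m.add_attachment(b"// constructed placeholder", maintype="application",
                     subtype="javascript", filename="mgJaXnwanxlS_doc_.js")
    m.add_attachment("meeting notes", filename="notes.txt")
    return m

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample().as_string()):
        print(f"QUARANTINE {fname}: {verdict}")
```

The check looks only at the attachment name, so it applies equally to mail from known and unknown senders.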