Called RAA, this new variant of ransomware is disguised as an innocent-looking document file. Moreover, it is hidden inside a "macro," or a script program that can be attached to documents to adapt content in real time. Not only can macros modify documents, they can also be programmed to function as full-blown applications that alter files and download software from the internet.
As per usual, the malware is sent to potential victims via email. The message plays on the fears of the receiver by stating that they have some kind of unpaid invoice, or a criminal court case. It contains an attachment like "Invoice.txt" or something similar. Because the file looks safe, the receiver may proceed to download it.
Error! Error code (0034832)
This document was created in a newer version of MS Word and cannot be opened with your version of WordPad.
Contact the creator of the file, or open the file with MS Word 2013.
Some parts of this content may not be displayed properly.
Once encryption is complete, the victim will be greeted with a message written in Russian indicating that their files have been encrypted. It states:
Your files have been encrypted by the RAA malware.
The AES-256 algorithm was used for encryption – the same encryption that is used to protect state secrets.
This means that restoring data is only possible by buying the key from us.
Buying the key is the simplest solution.
It will then demand 0.39 Bitcoins, which is roughly equal to $260. Moreover, the ransomware reportedly lets you decrypt some files for free, but it does not clearly state how the victim can do so.
Bleeping Computer reports that there is currently no way to combat the malware without paying the ransom.
While these types of malware are booming, users can still take measures to protect themselves by being very careful with the attachments they open, especially those that seem to be from an unknown source, and by keeping antivirus and anti-malware programs updated.