RAA Ransomware Installs Data Stealing Trojan After Locking Files

 

The latest version of RAA ransomware has implemented a data stealing Trojan…

RAA ransomware was first discovered in June; however, new updates have made it even more threatening. Along with the ability to lock files, the ransomware also installs a Pony Trojan that steals login credentials. Not only could this assist in spreading the RAA ransomware, but the authors could also sell this information on the dark web.

RAA ransomware is spreading through phishing scams. The email being distributed states that there is an overdue balance owed to a supplier and that the reader needs to download a zip file to see the “payment” due. The zip file is malicious: instead of downloading a payment invoice, the reader installs the ransomware and Pony Trojan.

According to ZDNet, the ransomware is targeting businesses instead of home users because of the increased financial payoff from focusing on larger targets. The ransomware is also reported to be focused on spreading in regions with Russian-speaking readers, although this does not mean that it won’t go global.

Prevention

In order to properly protect your endpoints from ransomware infections, such as RAA, you need to take the following steps:

  1. Update – Ensure all of your operating systems and applications are up to date. Any system left outdated is an open vulnerability, simply waiting to be attacked.
  2. Application whitelisting – To remain safe against constantly evolving security threats, you must have a security program that implements application whitelisting technology. Whitelisting prevents any unwanted and unsafe programs from executing on your computers.
  3. Employee awareness training – Employees must understand what red flags to look for to identify malware and phishing scams. Increased awareness will lead to a decrease in victims.
  4. Appropriate access administration – It is the employer's duty to ensure employees have access administration rights that are appropriate for their job duties. Many times employees have more rights than necessary for their daily job functions, which leads to increased risk.
