
Remove Encryptor RaaS and Restore Encrypted Files

Name: Encryptor RaaS
Type: Ransomware, Ransomware-as-a-Service
Short Description: RaaS encrypts the user’s files but is not a sophisticated ransomware. It may not have affected the Shadow Volume Copies on the system.
Symptoms: A ransom message is displayed on the user’s desktop.
Distribution Method: The distribution method of RaaS relies on affiliates.
Detection tool: Download SpyHunter to see if your system has been affected by Encryptor RaaS

RaaS, or Ransomware as a Service, is a new ransomware that has recently been released in the wild. It is dubbed RaaS for a reason: it allows affiliate parties to generate income by spreading the file-encrypting threat. Not surprisingly, the cyber criminals have used the TOR network to host RaaS. Anyone who wishes to participate in spreading the ransomware and making money out of it just has to enter a bitcoin address. The team behind RaaS will then collect and validate the payments, issue decryption keys, and send the money back to the affiliated person. The person behind the whole RaaS operation keeps 20% of the money obtained from victims.

What is Specific about RaaS?

According to security researchers, RaaS is similar to the Tox ransomware. RaaS, however, is not that sophisticated, as it has no affiliate console. Affiliates rely on their own methods of distribution, and they alone have to review the success of infections.

How is RaaS Developed?

A string within the executable of RaaS indicates that the ransomware may have been written in Java. Researchers Nathan Scott and Cody Johnston, who have closely examined the executable, discovered a reference to libgcj-16.dll. If this is indeed true, RaaS would be the first ransomware to be designed in Java. libgcj-16.dll is part of the GNU Compiler for the Java Programming Language, also known as GCJ. GCJ serves to compile Java programs into Windows executables.

How is RaaS Distributed?

Because the distribution of the ransomware executable is done on the affiliate side, neither the file location nor the method of circulation is known.

Once the ransomware is installed, it will encrypt the user’s files based on their extensions. The applied encryption method, however, is not yet determined. What is more, the encrypted files will still have their original extensions. Here is a list of affected files:

→abw,accdb,ai,aif,arc,as,asc,asf,ashdisc,asm,asp,aspx,asx,aup,avi,bbb,bdb,bibtex,bkf,bmp,bpn,btd,bz2,c,cdi,cer,cert,cfm,cgi,cpio,cpp,crt,csr,cue,c++,dds,dem,dmg,doc,docm,docx,dsb,dwg,dxf,eddx,edoc,eml,emlx,eps,epub,fdf,ffu,flv,gam,gcode,gho,gif,gpx,gz,h,hbk,hdd,hds,hpp,h++,ics,idml,iff,img,indd,ipd,iso,isz,iwa,j2k,jp2,jpf,jpeg,jpg,jpm,jpx,jsp,jspa,jspx,jst,key,keynote,kml,kmz,lic,lwp,lzma,m3u,m4a,m4v,max,mbox,md2,mdb,mdbackup,mddata,mdf,mdinfo,mds,mid,mov,mp3,mp4,mpa,mpb,mpeg,mpg,mpj,mpp,msg,mso,nba,nbf,nbi,nbu,nbz,nco,nes,note,nrg,nri,ods,odt,ogg,ova,ovf,oxps,p2i,p65,p7,pages,pct,pdf,pem,phtm,phtml,php,php3,php4,php5,phps,phpx,phpxx,pl,plist,pmd,pmx,png,ppdf,pps,ppsm,ppsx,ppt,pptm,pptx,ps,psd,pspimage,pst,pub,pvm,qcn,qcow,qcow2,qt,ra,rar,raw,rm,rtf,s,sbf,set,skb,slf,sme,smm,spb,sql,srt,ssc,ssi,stg,stl,svg,swf,sxw,syncdb,tar,tc,tex,tga,thm,tif,tiff,toast,torrent,tpl,ts,txt,vbk,vcard,vcd,vcf,vdi,vfs4,vhd,vhdx,vmdk,vob,wbverify,wav,webm,wmb,wpb,wps,xdw,xlr,xls,xlsx,xz,yuv,zip,zipx

What Does RaaS’s Ransom Message Say?

As with all file-encrypting ransom threats, a ransom message is displayed on the user’s Desktop once the files are encrypted. The message’s file is most likely called encryptor_raas_readme_liesmich.txt and it contains instructions in English and German. The message reads something like:

    ATTENTION!

    The files on your computer have been securely encrypted by Encryptor RaaS.

    To get access to your files again, follow the instructions at:

    https://decryptoraveidf7.onion.to/vict?cust=&guid=

    ACHTUNG!

    Die Dateien auf Ihrem Computer wurden von Encryptor RaaS sicher verschluesselt.

    Um den Zugriff auf Ihre Dateien wiederzuerlangen, folgen Sie der Anleitung auf:

    https://decryptoraveidf7.onion.to/vict?cust=&guid=
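Because the encrypted files keep their original extensions, a sweep for the ransom note by name combined with a header check against known file signatures helps scope which files need restoring. The following is an added example, not code from the article or from any vendor tool; the signature table, function names and sample files are constructed here, and the header check assumes the encryption altered the start of each file, which the article does not confirm.

```python
import os
import tempfile

NOTE_NAME = "encryptor_raas_readme_liesmich.txt"  # note file name from the article
# Standard leading signatures for a few extensions on the article's list.
MAGIC = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),
}

def triage(root):
    """Return (ransom note paths, files whose header no longer fits their extension)."""
    notes, damaged = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
                continue
            sigs = MAGIC.get(os.path.splitext(name)[1].lstrip(".").lower())
            if sigs is None:
                continue  # no signature known for this type, cannot judge
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # locked or unreadable: skip instead of aborting the sweep
            if head and not head.startswith(sigs):  # assumes the file start was overwritten
                damaged.append(path)
    return sorted(notes), sorted(damaged)

def build_sample(root):
    """Write a constructed test tree: intact PDF, overwritten PNG, text file, note."""
    samples = {
        "report.pdf": b"%PDF-1.4 constructed",
        "photo.png": b"\x5c\x11\xe0\x9a\x03\x77\xc2\x41 constructed",
        "notes.txt": b"plain text has no signature",
        NOTE_NAME: b"ATTENTION!",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Types without a fixed header, such as txt, cannot be judged this way and are skipped rather than reported as clean.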

How to Remove RaaS and Restore the Encrypted Files?

Fortunately, RaaS doesn’t seem to affect or delete the Shadow Volume Copies. So, unless the affiliate knows how to use such protection, the user can restore their files without paying. We have provided a removal manual for ransomware threats that don’t affect Shadow Volume Copies. You can find it below the article.

For your future safety, always remember to back up your data to stay protected against ransomware and cyber threats of all kinds.

Stage One: Remove Encryptor RaaS

1. First and most important – download and install a legitimate and trustworthy anti-malware scanner, which will help you run a full system scan and eliminate all threats.
Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the malware tool.

2. Run a second scan to make sure that there are no malicious software programs running on your PC. For that purpose, it’s recommended to download ESET Online Scanner.

Your PC should be clean now.

Stage Two: Restore the Encrypted Files

Option 1: Best case scenario – You have backed up your data on a regular basis, and now you can use the most recent backup to restore your files.

Option 2: Try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. They might help you in the process, but keep in mind that they were not specially designed to decrypt information that was encrypted by this particular ransomware.

Option 3: Shadow Volume Copies

1. Install Shadow Explorer, which is available with Windows Vista, Windows 7, Windows 8 and Windows XP Service Pack 2.

2. From Shadow Explorer’s drop-down menu, choose a drive and the latest date you would like to restore information from.

3. Right-click on a random encrypted file or folder then select “Export”. Select a location to restore the content of the selected file or folder.


Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.
