|Short Description||RaaS encrypts the user’s files but is not a sophisticated ransomware. It may not have affected the Shadow Volume Copies on the system.|
|Symptoms||A ransom message is displayed on the user’s desktop.|
|Distribution Method||The distribution method of RaaS relies on affiliates.|
|Detection tool||Download SpyHunter, to See If Your System Has Been Affected By Encryptor RaaS|
RaaS, or Ransomware as a Service, is a new ransomware that has recently been released in the wild. It is dubbed RaaS for a reason since it allows affiliate parties to generate income by spreading the file encrypting threat. Not surprisingly, the cyber criminals have used the TOR network to host RaaS. Basically, anyone who wishes to participate in spreading the ransomware and making money out of it just has to enter a bitcoin address. The team behind RaaS will then collect and validate the payments, issue decryption keys, and send the money back to the affiliated person. As a result, the person behind the whole RaaS operation keeps 20% of the money obtained from victims.
What is Specific about RaaS?
According to security researchers, RaaS is similar to the Tox ransomware. RaaS, however, is not that sophisticated, as it has no affiliate console. Affiliates rely on their own methods of distribution, and they alone have to review the success of infections.
How is RaaS Developed?
A string within the executable of RaaS indicates that the ransomware may have been written in Java. Nathan Scott and Cody Johnston are researchers who have closely examined the executable. They discovered a reference to libgcj-16.dll. If this is indeed true, RaaS would be the first ransomware to be designed in Java. libgcj-16.dll is part of The GNU Compiler for the Java Programming Language, also known as GCJ. GCJ serves to compile Java programs into Windows executables.
How is RaaS Distributed?
Because the distribution of the ransomware executable is done on the affiliate side, the file location or the method of circulation are not known.
Once the ransomware is installed, it will encrypt the user’s files based on their extensions. The applied encryption method, however, is not yet determined. What is more, the encrypted files will still have their original extensions. Here is a list of affected files:
What Does RaaS’s Ransom Message Say?
As with all file-encrypting ransom threats, a ransom message is displayed on the user’s Desktop once the files are encrypted. The message’s file is most likely called encryptor_raas_readme_liesmich.txt and it contains instructions in English and German. The message reads something like:
The files on your computer have been securely encrypted by Encryptor RaaS.
To get access to your files again, follow the instructions at:
Die Dateien auf Ihrem Computer wurden von Encryptor RaaS sicher verschluesselt.
Um den Zugriff auf Ihre Dateien wiederzuerlangen, folgen Sie der Anleitung auf:
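The two indicators this article names, the ransom note file name and the libgcj-16.dll reference inside the executable, can be swept for with a short triage script. This is an added example, not code from the researchers or the original article; the function names and the list of file extensions are assumptions, and the GCJ string is only a weak indicator because any GCJ-compiled program carries it.

```python
import os
import sys

# Indicators taken from the article text; everything else is illustrative.
NOTE_NAME = "encryptor_raas_readme_liesmich.txt"
GCJ_MARKER = b"libgcj-16.dll"
EXE_SUFFIXES = (".exe", ".scr")  # assumption: extensions worth inspecting


def references_gcj(path, chunk_size=1 << 20):
    """True if the file starts with the PE 'MZ' magic and mentions the GCJ runtime DLL."""
    needle = GCJ_MARKER.lower()
    try:
        with open(path, "rb") as fh:
            if fh.read(2) != b"MZ":
                return False
            tail = b""
            while True:
                chunk = fh.read(chunk_size)
                if not chunk:
                    return False
                window = (tail + chunk).lower()
                if needle in window:
                    return True
                # Keep an overlap so a marker split across two reads is still found.
                tail = window[-(len(needle) - 1):]
    except OSError:
        return False  # unreadable or locked file: skip it, do not abort the sweep


def triage(root):
    """Walk root and return (ransom_notes, gcj_executables) as sorted path lists."""
    notes, gcj = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(full)
            elif name.lower().endswith(EXE_SUFFIXES) and references_gcj(full):
                gcj.append(full)
    return sorted(notes), sorted(gcj)


if __name__ == "__main__":
    found_notes, found_gcj = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in found_notes:
        print("ransom note:", p)
    for p in found_gcj:
        print("GCJ-linked executable (weak indicator, review manually):", p)
```

A ransom note hit shows where encryption ran; a GCJ hit only marks an executable for manual review before any removal decision.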
How to Remove RaaS and Restore the Encrypted Files?
Fortunately, RaaS doesn’t seem to affect or delete the Shadow Volume Copies. So, unless the affiliate knows how to use such protection, the user can restore his files without paying. We have provided a removal manual for ransomware threats that don’t affect Shadow Volume Copies. You can find it below the article.
For the sake of your future’s safety, always remember to back up your data to stay protected against ransomware and cyber threats of all kinds.
Stage One: Remove Encryptor RaaS
1. First and most important – download and install a legitimate and trustworthy anti-malware scanner, which will help you run a full system scan and eliminate all threats.
Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the malware tool.
2. Run a second scan to make sure that there are no malicious software programs running on your PC. For that purpose, it’s recommended to download ESET Online Scanner.
Your PC should be clean now.
Stage Two: Restore the Encrypted Files
Option 1: Best case scenario – You have backed up your data on a regular basis, and now you can use the most recent backup to restore your files.
Option 2: Try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. They might help you in the process, but keep in mind that they were not specially designed to decrypt information that was encrypted by this particular ransomware.
Option 3: Shadow Volume Copies
1. Install the Shadow Explorer, which is available with Windows Vista, Windows 7, Windows 8 and Windows XP Service Pack 2.
2. From Shadow Explorer’s drop down menu choose a drive and the latest date you would like to restore information from.
3. Right-click on a random encrypted file or folder then select “Export”. Select a location to restore the content of the selected file or folder.