Security experts of the website Bleepingcomputer have found and analyzed a new Ransomware (blackmail Trojan). The discoverers call it RAA and emphasize that the pest was completely written in javascript. This allows for more serious effects on the infected computer, but can be handled with certain precautions.
What can you do?
RAA comes as a javascript file via e-mail attachment. The file itself tries to camouflage itself as a Word document. If the victim runs the email attachment, a fake Word file opens, while the encryption of important system directories on the Windows partition begins. On the other hand, the file opens a malware called "Pony", which is used for passwords.
On the desktop, you will find a text document that forces the victim to pay about $ 250 to recover their own data. The passwords are not mentioned. So far, RAA has only appeared in Russian. It can be assumed that localized versions will also appear.
RAA is quite easy to handle - apart from the fact that you should not open e-mail attachments from foreign senders or check any attachments. Because RAA relies on javascript and triggers actions outside of the browser, you should disable the so-called interpreter, which is the base on which Javascript code is executed on a system, as described by Bleeping Computer.
Lesetipp: Ransomware - that you should know
To do this, you need to access your Windows registry, open it with the Start button, run it and enter "regedit". Under the path "HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows Script Host \ Settings \ Enabled", insert a new DWORD entry and give it the value "0". If, for example, you should rely on JavaScript-based software, you can simply set the entry to the value 1.
No comments:
Post a Comment