
Rapid RaaS

Posted: August 8, 2018

The Rapid RaaS is a family of file-locker Trojans that criminals may hire to launch campaigns that block victims' media for ransom. Malware experts have yet to determine whether the Rapid RaaS is a direct update of the preexisting Rapid Ransomware campaigns, but this Russian software family shows most of the same symptoms, including blocking your files arbitrarily. Users should store backups of their work as a precaution and use anti-malware products to eliminate the Rapid RaaS when it tries to attack.

Trojans Getting Rapid in New Regions

Threat actors with either a new variant of the Rapid Ransomware or a different program that borrows its brand are marketing their file-locking services to interested criminals on the Russian Dark Web. As with most file-locking Trojans, the Rapid RaaS group offers a 'partnership' basis for all campaigning: criminals get access to the program without needing any programming experience, distribute it however they prefer, and split the ransom that the victim pays. As is almost always the case, these attacks are most threatening to PC users who update their backups rarely or not at all.

The Rapid RaaS is a Windows-based C++ application that attacks the user's local media, such as documents, archives, pictures, audio, spreadsheets, and other formats. It uses AES-256 encryption in CBC mode to block these files and then secures them with a second algorithm, RSA. Malware researchers see additional evidence that the Rapid RaaS also removes the Shadow Volume Copies, which prevents the user from recovering their work by rolling back to the last Windows restore point.

Ransomware-as-a-Service delegates the distribution and installation portions of the Trojan's campaign to numerous third parties. Although its infection vectors cannot be predicted with certainty, the Rapid RaaS is most likely to infect PCs that use non-secure network login credentials or whose users open a corrupted e-mail attachment. Typical spam e-mail-based attacks may disguise the Trojan dropper for the Rapid RaaS inside macros or other exploit-using documents, such as a fake memo or billing notification.
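The shadow copy removal and macro-based droppers described above leave a recognizable trace in process-creation logs. The following is an added example, not code from the original page: a Python check over constructed log records in a hypothetical `time|host|parent image|command line` export format. The page does not say which utility the Rapid RaaS uses, so the `vssadmin` and `wmic` patterns are an assumption based on the standard Windows tools for managing shadow copies.

```python
import re

# Constructed process-creation records (not from a real incident) in a
# hypothetical "time|host|parent image|command line" export format.
SAMPLE_EVENTS = r"""
2018-08-08T09:14:02|WS-014|C:\Windows\explorer.exe|"C:\Program Files\Microsoft Office\WINWORD.EXE" /n memo.docm
2018-08-08T09:14:31|WS-014|C:\Program Files\Microsoft Office\WINWORD.EXE|cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
2018-08-08T10:02:10|SRV-02|C:\Windows\System32\cmd.exe|vssadmin list shadows
2018-08-08T11:40:55|SRV-02|C:\Windows\System32\svchost.exe|wmic shadowcopy delete
"""

# Assumption: the page does not name the tool used, so these patterns cover
# the two standard Windows utilities that can delete shadow copies.
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
]

# Document viewers and script hosts have no routine reason to start backup
# administration tools, so that parentage raises the severity.
UNEXPECTED_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                      "outlook.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def image_name(path):
    """Return the lower-cased file name of a Windows image path."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()


def find_shadow_copy_deletion(log_text):
    """Return one finding per record whose command line deletes shadow copies."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split("|", 3)  # command lines may themselves contain "|"
        if len(fields) != 4:
            continue  # blank or malformed record
        when, host, parent, cmdline = fields
        if not any(p.search(cmdline) for p in SHADOW_DELETE):
            continue
        parent_name = image_name(parent)
        severity = "critical" if parent_name in UNEXPECTED_PARENTS else "high"
        findings.append({"time": when, "host": host, "parent": parent_name,
                         "severity": severity, "cmdline": cmdline})
    return findings


if __name__ == "__main__":
    for f in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"{f['severity']:8} {f['time']} {f['host']} {f['parent']} -> {f['cmdline']}")
```

The same matching logic can be applied to Sysmon Event ID 1 or Security Event ID 4688 records once they are exported with the parent image and command line fields.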

Slowing Down a Trojan's Pace of Extortion

Russia is becoming a prominent hotspot for Ransomware-as-a-Service and its offspring, such as the Scarab Ransomware family, or the individual campaigns of the WannaCash Ransomware, the Qnbqw Ransomware, and the FBLocker Ransomware. PC users interacting with non-secure, Russian file-hosting websites or file-sharing networks should keep in mind that media and software piracy overlaps heavily with the installation exploits of file-locker Trojans. However, suitably updated security software frequently identifies most threats of this category and should block the Rapid RaaS.

Users should keep their files safe from encryption-based attacks by storing copies where a Trojan cannot harm them by either encrypting or deleting the data. Traditional definitions of sufficiently secure storage options include removable devices and cloud storage. Network shares without any additional security are at as much risk as any local media. Regardless of whether or not you can save your files, you should have a suitable anti-malware product uninstall the Rapid RaaS to remove any chance of future data loss.

There is no free decryption solution for the Rapid RaaS family, whose means of infecting a PC may vary with each new criminal that 'hires' it. Since the Rapid RaaS is far from the only file-locking threat with this issue, malware experts see no benefit in neglecting your backup routine.
