RaaSberry Ransomware
Posted: July 14, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 159 |
| First Seen: | July 14, 2017 |
| Last Seen: | June 26, 2023 |
| OS(es) Affected: | Windows |
The RaaSberry Ransomware is a Trojan that is rented to third-party con artists on a Ransomware-as-a-Service model that lets them reconfigure its mode of distribution and the types of data it attacks. It uses encryption to lock your files, and its related symptoms typically include various ransom notes that ask for payment to unlock them. Having backups, proper network security, and anti-malware programs capable of deleting the RaaSberry Ransomware are all crucial counter-responses to this threat's campaign.
Puns are a Trojan's New Flavor
When threat actors have an interest in leveraging Trojans for data-ransoming attacks, they can take more than one path: programming a unique application, recycling another user's free code (as malware analysts see with Hidden Tear repeatedly) or paying money to a Ransomware-as-a-Service provider. The last of these options is seeing a new entry into the market by the name of the RaaSberry Ransomware. While none of its features are highly innovative, it does offer all of the traditional attacks and functions in a convenient package for other con artists to exploit at their pleasure.
Besides the 'raspberry' pun offering an easy-to-remember brand identity, the RaaSberry Ransomware also offers easy-to-use features for any renting administrators, including:
- The RaaSberry Ransomware bundles its decryption component with the rest of the program to eliminate the need for the threat actor to offer it separately. Instead, he needs only to provide the uniquely-generated password.
- The RaaSberry Ransomware uses a combination of AES-256 and RSA encryption for its data-encoding attacks, which can lock the victim's files securely and indefinitely. The encoding scan may target different formats, based on a custom configuration, and can attack both local drives and network-mapped ones.
- The Trojan conveys its ransom demands through both a desktop image-hijacking routine and another function that generates text files. The RaaSberry Ransomware also provides multilingual support for the latter.
- This threat includes Command & Control features that operate over a network connection, most significantly, for providing the decryption. However, it also can launch its encryption-based attacks without needing any Internet access.
Malware analysts warn that many of these features are similar to those of previous file-encoding Trojan groups and may complicate a user's ability to identify an infection. Running an incompatible decryptor on any locked files could damage them beyond the possibility of recovery.
Pruning the Trojan Berries that No One should be Eating
The RaaSberry Ransomware, like any respectable RaaS-based threat, may install itself through as many different means as it has con artists willing to pay to use it. Business entities often are at risk from e-mail-based infection vectors or exploit kits that can launch through compromised website content. Recreational users are more likely to encounter threats of this nature by downloading unsafe software from torrents and compromised sites disguising themselves as freeware resources. Updating your anti-malware products should help them identify new variants of the RaaSberry Ransomware as they appear.
Since the RaaSberry Ransomware's encoding method is relatively secure, users should defend their files against possible attacks with preventative security protocols. Scheduling backups to devices not at risk of the RaaSberry Ransomware infections can eliminate any decryption requirements for restoring your content. The Trojan also uses a built-in, Bitcoin-based ransoming method that guarantees that the con artist will have more protection in the transaction than the decryptor code's buyer. Professional anti-malware products also may remove the RaaSberry Ransomware before its installation or, less preferably, after an infection.
Depending on its popularity on the Dark Web, the RaaSberry Ransomware could be just the start of a new series of campaigns using minor offspring of the same code for different attacks. Although users may be able to save themselves purely by post-infection measures, malware analysts recommend that no one gamble by placing all their digital berries in a single basket.