Ranstop anti-ransomware protects files against a “RAA” variant – Temasoft Lab Demo

/in , /by

Case subject – A “RAA” variant (JavaScript-based) (Virustotal details)

This live ransomware test focuses on a RAA variant to determine how effective TEMASOFT Ranstop is at tackling elusive JavaScript-based ransomware. The RAA ransomware variants have been around since mid-2016, but it still manages to elude a good number of anti-virus engines. It gets delivered to victims as an email attachment, and, upon execution, it creates and opens a document to capture the victims’ attention while the encryption process starts in the background. At the same time, the script is added to auto-run so that Windows will execute it every time it boots up. Usually, it also installs other malware such as “Pony”, a password-stealing Trojan. The file types usually being targeted are documents and images with various extensions (.doc, .pdf, .jpeg, etc.). A ransom note containing instructions on how to recuperate the files is created on the desktop.

Case facts

TEMASOFT Ranstop detects and stops this variant in around 5 seconds, time in which the ransomware managed to encrypt over more than 150 files on the local hard drive.

At this rate, an entire system may be compromised between 10 minutes and half an hour.

Upon execution of the .js file, a “.doc” file is created and opened. This document contains a macro that launches embedded executables which will do the actual encryption. As soon as the malware is detected and stopped, the executables involved are being quarantined, and an incident is logged into the TEMASOFT Ranstop Console. At the same time, the compromised files are being restored to their original location.

Case Conclusion

TEMASOFT Ranstop managed to stop RAA in a matter of seconds and restore all the damaged files automatically.


Click here to watch TEMASOFT Ranstop in action (video)!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.


You might also like
Ranstop blocks Phobos ransomware
Notable ransomware attacks in the first two months of 2018
Ranstop anti-ransomware defends against over-the-network attack by Satana ransomware - Temasoft Lab Demo
This is what happens when ransomware attacks a city government
Ranstop blocks Gerber ransomware
Ranstop blocks ScammerLocker ransomware