Most malware programs for Windows are written in compiled programming languages like C or C++ and take the form of portable executable files such as .exe or .dll. Others use command-line scripting such as Windows batch or PowerShell.
Once it encrypts a file, RAA adds a .locked extension to its original name. The ransomware targets the following file types: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar and .csv.
"At this point there is no way to decrypt the files for free," said Lawrence Abrams, the founder of BleepingComputer.com, in a blog post.
The RAA infections reported so far by users display the ransom note in Russian, but even if the threat only targets Russian-speaking users for now, it's only a matter of time until it's distributed more broadly and localized for other languages.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.