Most malware programs for Windows are written in compiled programming languages like C or C++ and take the form of portable executable files such as .exe or .dll. Others use command-line scripting such as Windows batch or PowerShell.
Once it encrypts a file, RAA adds a .locked extension to its original name. The ransomware targets the following file types: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar and .csv.
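The naming pattern and extension list above can be turned into a triage check. The following Python is an added example, not code from the article or from any security product: it flags processes that rename a burst of the listed file types to `<name>.locked`. The rename-event tuple format, the threshold of 3 renames and the 60-second window are assumptions, as is the reading that `.locked` is appended after the original extension; the sample events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File types the article lists as RAA targets, and the suffix it adds.
TARGETED = {".doc", ".xls", ".rtf", ".pdf", ".dbf", ".jpg", ".dwg", ".cdr",
            ".psd", ".cd", ".mdb", ".png", ".lcd", ".zip", ".rar", ".csv"}
MARKER = ".locked"

def original_name(path):
    """Return the pre-encryption file name if `path` is a targeted file type
    with .locked appended (assumed form: report.doc.locked), else None."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != MARKER:
        return None
    inner = PureWindowsPath(p.stem)  # file name with .locked stripped
    return inner.name if inner.suffix.lower() in TARGETED else None

def flag_bursts(events, threshold=3, window=60):
    """events: (epoch_seconds, pid, old_path, new_path) rename records
    (hypothetical format). Returns {pid: [original names]} for processes that
    renamed >= threshold targeted files to <name>.locked within `window` s."""
    hits = defaultdict(list)
    for ts, pid, old, new in sorted(events):
        orig = original_name(new)
        # Count only renames where the new name is the old name + ".locked".
        if orig and orig.lower() == PureWindowsPath(old).name.lower():
            hits[pid].append((ts, orig))
    flagged = {}
    for pid, items in hits.items():
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans <= `window` s.
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[pid] = [name for _, name in items]
                break
    return flagged

# Constructed sample events, not real telemetry.
D = "C:\\Users\\a\\Documents\\"
SAMPLE = [
    (1000, 4120, D + "q1.xls", D + "q1.xls.locked"),
    (1005, 4120, D + "plan.dwg", D + "plan.dwg.locked"),
    (1010, 4120, D + "photo.JPG", D + "photo.JPG.locked"),
    (1020, 888, D + "db.mdb", D + "db.mdb.locked"),      # single rename
    (1000, 77, D + "a.pdf", D + "a.pdf.locked"),         # slow, spread out
    (2000, 77, D + "b.pdf", D + "b.pdf.locked"),
    (3000, 77, D + "c.pdf", D + "c.pdf.locked"),
    (1030, 4120, D + "notes.txt", D + "notes.txt.locked"),  # .txt not listed
]
```

Calling `flag_bursts(SAMPLE)` reports only process 4120; the threshold and window should be tuned against normal rename activity on the monitored hosts.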
“At this point there is no way to decrypt the files for free,” said Lawrence Abrams, the founder of BleepingComputer.com, in a blog post.
The RAA infections reported so far by users display the ransom note in Russian, but even if the threat only targets Russian-speaking users for now, it’s only a matter of time until it’s distributed more broadly and localized for other languages.