It is distributed via emails and attachments that disguise themselves as Word documents, using names such as mgJaXnwanxlS_doc_.js. When the file is opened, the malware encrypts the computer and demands a ransom of $250 (0.39BTC) to unlock files.
The code runs under the Windows Script Host (WSH), which can execute system commands and gives the script access to system utilities.
RAA encrypts around 16 file types and was initially discovered with a ransom note written in Russian.
“Malicious scripting files aimed to compromise a system and distributed via email attachment have existed for many years,” he said.
Kolochenko went on to say, “I would recommend updating anti-spam rules - something we did at High-Tech Bridge years ago - and block any .js and other scripting attachments, same as .exe files. You should also restrict running scripting extensions, the same as executables, using Microsoft Software Restriction Policy mechanism.”
Mark James, security specialist at ESET, told SCMagazineUK.com that there are many ways to protect against this type of threat, including measures such as disabling Windows Script Host (WSH) or simply having rules set up to manage any attachments that contain .js files.
“As in most cases it's often about pre-empting the current threat vector and trying to take away the actual danger from the end user. Having policies in place to quarantine potentially dangerous attachments for checking later is a great way to protect your very valuable data from user error or silly mistakes,” he added.
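The attachment rule recommended above can be sketched as a mail-gateway check; this is an added example, not code from the article or from the vendors quoted. The extension list beyond .js and .exe, the `DOCUMENT_HINTS` fragments, the function names and the sample message are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed block list: Windows Script Host script types plus .exe.
# The article itself names only .js and .exe.
BLOCKED_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".exe"}
# Assumed name fragments that make a script look like a document ("_doc_.js").
DOCUMENT_HINTS = ("doc", "pdf", "xls", "invoice")


def quarantine_reasons(raw_message: bytes) -> list:
    """Return (filename, reason) for each attachment that should be held."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # body parts and multipart containers carry no filename
        # Windows ignores trailing dots and spaces, so normalise them away.
        name = filename.strip().rstrip(". ").lower()
        ext = PurePosixPath(name).suffix
        if ext not in BLOCKED_EXTENSIONS:
            continue
        stem = name[: -len(ext)]
        if any(hint in stem for hint in DOCUMENT_HINTS):
            findings.append((filename, "script disguised as a document"))
        else:
            findings.append((filename, "script or executable attachment"))
    return findings


def build_sample() -> bytes:
    """Constructed test message: two script attachments and one real document."""
    msg = EmailMessage()
    msg["Subject"] = "Document"
    msg.set_content("See attached.")
    for name in ("mgJaXnwanxlS_doc_.js", "report.docx", "update.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in quarantine_reasons(build_sample()):
        print(f"QUARANTINE {filename}: {reason}")
```

A gateway would hold any message with a non-empty result for later review rather than delivering it, which matches the quarantine policy described in the quotes.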