
How to remove RAA Ransomware (Removal Guide)

This RAA ransomware removal guide contains instructions to remove RAA ransomware, viruses, malware, and other threats from your computer.

RAA Ransomware Removal & Help Guide

RAA ransomware is a computer infection that encrypts the files on your computer, changes file extensions to .locked, leaves a note file named !!!README!!![your-id].rtf in every folder, and changes your desktop to a ransom note in Russian that translates to “Your files have been encrypted virus RAA.” The RAA virus will then demand an excessive ransom payment to decrypt your files.

Once the RAA virus has been installed, it will leave a file named !!!README!!![your-id].rtf in every folder in which it encrypts files. It will change the filename of each file it encrypts to something random and will append a .locked extension. An example of a changed filename is 2Dr02sMu83.locked.

This is an example of the !!!README!!![your-id].rtf file:

*** ATTENTION! ***
Your files have been encrypted virus RAA.
For encryption was used algorithm AES-256 is used to protect information of state secrets.
This means that data can be restored only by purchasing a key from us.
Buying key - a simple deed.

All you need to:
1. Send your ID E993A9FD-C5D9-4128-AF38-71A54E1258DA to the postal address
raa-consult1@keemail.me.
2. Test decrypt few files in order to make sure that we do have the key.
3. Transfer 0.39 BTC ($ 250) to Bitcoin-address
15ADP9ErZTNgU8gBoJWFCujGbJXCRDzgTv.
For information on how to buy Bitcoin for rubles with any card -
//www.bestchange.ru/visa-mastercard-rur-to-bitcoin.html
4. Get the key and the program to decrypt the files.
5. Take measures to prevent similar situations in the future.

Importantly (1).
Do not attempt to pick up the key, it is useless, and can destroy your data permanently.

Importantly(2).
If the specified address (raa-consult1@keemail.me) you have not received a reply within 3 hours, you can use the service for communication Bitmessage (our address - BM-2cVCd439eH5kTS9PzG4NxGUAtSCxLywsnv).
More details about the program - //bitmessage.org/wiki/Main_Page

Importantly (3).
We CAN NOT long keep your All keys, for which no fee has been paid, are removed within a week after infection.

The file will be set to autorun which will allow it to start every time you log into Windows.

At this point there is no way to decrypt the files for free. If anything is discovered in the future, we will update this article with more information.
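To gauge how much of a disk was hit before cleaning up, the two file indicators described above (a !!!README!!![your-id].rtf note in each affected folder and files renamed with a .locked extension) can be inventoried with a short script. The following Python is an added example, not part of the original guide; the function names, the constructed sample tree and the placeholder ID are assumptions, and the note name is accepted with or without literal brackets around the ID.

```python
import os
import re
import tempfile
from collections import Counter

# Note name per the guide: !!!README!!![your-id].rtf. Whether the brackets are
# literal or only a placeholder is an assumption, so both forms are accepted.
NOTE_RE = re.compile(r"^!!!README!!!\[?(?P<id>[^\[\]]+?)\]?\.rtf$", re.IGNORECASE)
LOCKED_EXT = ".locked"


def scan_tree(root):
    """Walk root and report ransom notes, .locked files and affected folders."""
    notes, locked, ids = [], [], Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            match = NOTE_RE.match(name)
            if match:
                notes.append(path)
                ids[match.group("id")] += 1  # the ID embedded in the note name
            elif name.lower().endswith(LOCKED_EXT):
                locked.append(path)
    affected = sorted({os.path.dirname(p) for p in notes + locked})
    return {"notes": sorted(notes), "locked": sorted(locked),
            "affected_folders": affected, "ids": dict(ids)}


def build_sample_tree(root):
    """Constructed sample data: two hit folders and one clean folder."""
    fake_id = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real ID
    layout = {
        "Documents": [f"!!!README!!!{fake_id}.rtf", "2Dr02sMu83.locked", "budget.xlsx"],
        "Pictures": [f"!!!README!!![{fake_id}].rtf", "q8Lm1Zp0Xc.LOCKED"],
        "Music": ["track01.mp3", "README.rtf"],  # ordinary files, must not match
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scan_tree(tmp)
        print(f"{len(report['locked'])} .locked files, {len(report['notes'])} notes")
        for folder in report["affected_folders"]:
            print("affected:", folder)
```

Pointing `scan_tree` at a user profile or a mounted backup gives a list of folders to restore from a known-good copy; it only reads directory listings and changes nothing on disk.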


How to remove RAA Ransomware

The guide below will help you remove malicious files from your computer. It will not help you recover your files. At this time there is no free decryption method. If you do not wish to complete this guide, you can restore or recover your computer to factory settings or to a date before your computer was infected.

  1. Scan your computer with Malwarebytes
  2. Scan your computer with HitmanPro
  3. Cleanup and repair settings with CCleaner

1. Scan your computer with Malwarebytes

The first step to remove RAA ransomware and malicious traces from your computer is to download and install Malwarebytes Anti-Malware software in order to perform a full system scan for malicious files.

1. Download and Install Malwarebytes Anti-Malware software.

2. Open Malwarebytes and click the Scan Now button or go to the Scan tab and click the Start Scan button.

3. When the Malwarebytes scan is complete click the Remove Selected button.

4. To finish the Malwarebytes scan and remove detected threats, click the Finish button and restart your computer once prompted to do so in a pop-up message from Malwarebytes.

2. Scan your computer with HitmanPro

The second step to remove RAA ransomware and malicious traces from your computer is to download and install a second opinion scanner called HitmanPro by Surfright in order to perform a full system scan for malicious files.

1. Download and Install HitmanPro by Surfright.

2. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may choose to create a copy or perform a one-time scan.

3. When the HitmanPro scan is complete click the Next button.

4. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

5. Click the Reboot button.

3. Cleanup and repair settings with CCleaner

The third step to remove RAA ransomware and malicious traces from your computer is to download and install CCleaner by Piriform in order to delete leftover junk files, tracking cookies, registry entries, unwanted start-up tasks, and more.

1. Download and Install CCleaner by Piriform.

2. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

3. Go to Tools > Startup and search for suspicious entries in each tab, starting from Windows all the way to Context Menu. If you find anything suspicious, click it and click the Delete button to remove it.

4. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.

Lead Editor

Jared Harrison is an accomplished tech author and entrepreneur, bringing forth over 20 years of extensive expertise in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. He has made significant contributions to the industry and has been featured in multiple esteemed publications. Jared is widely recognized for his keen intellect and innovative insights, earning him a reputation as a respected figure in the tech community.
