Rapid RaaS

What is Rapid RaaS?

Windows users need to reinforce the protection of their operating systems because Rapid RaaS threats might start popping up from left and right. At the moment, this ransomware-as-a-service is still being developed, but it might be a matter of time before third parties purchase the code and start developing their unique versions of the Rapid Ransomware. This threat – as well as the newer variant, Rapid 2.0 Ransomware – has been analyzed by our research team. Based on the previous research of these threats, Anti-Spyware-101.com analysts have an idea of how new versions could behave. If you are interested in learning more about this, please continue reading. Our research team also offers a guide that shows the basic steps that you might have to take to delete Rapid RaaS. We also discuss ways to protect systems and files against this and other file-encryptors. Please continue reading, and then use the comments section to post comments and start discussions if you want that.

How does Rapid RaaS work?

Considering that Rapid Ransomware and Rapid 2.0 Ransomware were found spreading with the help of spam emails, it is likely that Rapid RaaS infections would spread using the same method too. How does this work? Cyber attackers can obtain emails, for example, from parties who operate phishing attacks. Email addresses are often leaked during massive data breaches too. Overall, obtaining your email address is not the hard part. The hard part is tricking you into opening a corrupted link or file attachment sent via spam, an action that allows Rapid RaaS to execute. The email has to look convincing, and so everything from the subject line to the email address has to be deliberated carefully. If the spam email is misleading enough, the user is tricked into executing the threat without even realizing it. Of course, if the user suspects that something is wrong, they might be able to delete the launcher in time. What about copies? It was found that some variants of the infection can create copies silently, and if they are not removed, the infection runs without disturbance.

Once in place, Rapid RaaS is meant to encrypt files. It is not known which encryption algorithms could be employed (most likely, AES-256), but unique extensions should be appended to the corrupted files. Rapid Ransomware, for example, added “.rapid” to all corrupted files. Unfortunately, decrypting files manually is not possible as free decryptors do not work. When it comes to restoring files from backup, you should do that only after you remove Rapid RaaS, and you will be able to restore files only if they are stored online or on external drives. Relying on the internal system backup is a bad idea because some variants can use the “/c vssadmin.exe Delete Shadows /All /Quiet” command to delete shadow volume copies. The infection is meant to back the victim into a corner and convince them that they have no other option but to email the creator of malware. The samples tested in our internal lab used TXT files to introduce victims to supp1decr@cock.li, supp2decr@cock.li, rapid@rape.lol, and rapid@airmail.cc email addresses. It was suggested that if users emailed these, they would get instructions on how to restore files. The instructions, of course, included paying money in return for alleged decryption tools.

How to delete Rapid RaaS

Can the victims of Rapid RaaS infections recover their files through decryption? That is highly unlikely to be the case, even when ransom payments are made in return for decryptors. Unfortunately, once files are encrypted, they are stuck. The instructions you can find below show a very basic list of components that the devious ransomware might create. We cannot guarantee that you would successfully remove Rapid RaaS using this guide. Hopefully, you can use it successfully. The good news is that this is not your only option. In fact, there is a better option: To install anti-malware software. As long as it is legitimate, trustworthy, and up-to-date, it should automatically find and remove all malicious components that belong to malware. Afterward, it would protect you against other threats, which is one of the most important reasons for you to install it. As for files, while they might have been lost for good, you want to make sure that your files are protected in the future, and you can take care of that by backing them up.

Removal Instructions

1. Delete any recently downloaded suspicious files.
2. Tap Ctrl+Alt+Delete and click Start Task Manager.
3. Click the Process tab.
4. If you find malicious processes, end them, BUT before that, right-click and choose Open file location to find malicious .exe files.
5. Once you end the malicious processes, Delete the malicious .exe files.
6. Delete ransom note files.
7. Empty Recycle Bin and use a malware scanner to complete a system scan and check if malicious leftovers exist. Download Removal Tool100% FREE spyware scan and
   tested removal of Rapid RaaS*