Ra Ransomware is a malicious application that locks users’ personal files, so if you ever find your files encrypted, there is a good chance that you have become a ransomware victim. It is a new infection, but it does not differ much from older threats: it also locks files to make it easier to extract money from users. At the time of writing, this infection could not download the ransom note from its server, so specialists at 411-spyware.com suspect that it might still be in development. Of course, it will lock your files even if it does not work properly, so do not leave your system unprotected. If you have already encountered it, it must be removed from the system as soon as possible, especially if the version of Ra Ransomware that creates a point of execution has slithered onto your computer. This is because that version starts on every system startup, and you will find your files encrypted again even if you restore or unlock them. We are not going to lie: we cannot promise that you will find a way to unlock data encrypted by Ra Ransomware, because this malicious application uses AES-128 and RSA-1028 to encrypt data on affected computers.
There are two different versions of Ra Ransomware, so how it works on the computer depends on the version a user encounters. The first version of this threat only encrypts personal files, drops a ransom note, creates a new folder KUAJW.exe, and then deletes itself, whereas the second one not only locks data, drops a ransom note, and creates %APPDATA%\KUAJW\KUAJW.exe, but also creates a copy of itself with a point of execution in HKCU\Software\Microsoft\Windows\CurrentVersion\Run. As a consequence, you will not disable it by restarting your computer. As for the files Ra Ransomware encrypts on affected computers, it locks pictures, music, documents, and many other files with a strong cipher and marks them with the .KUAJW filename extension. The names of all encrypted files are also changed to a long string of random characters, so it is impossible not to notice that files have been locked. If Ra Ransomware is the one that has encrypted data on your computer, you should also find RaRansomware - Recovery instructions.html on your Desktop. At the time of research, the ransomware infection failed to download the content of the ransom note, so we cannot tell you how much the special decryptor that can unlock files costs, but we suspect that it is not cheap at all. You should never send your money to malicious software developers, even if you badly need to unlock the affected files, because you do not know whether you will be able to unlock them after you send money to crooks.
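The artifacts described above can be checked with a read-only PowerShell triage like the one below. It is an added example, not part of the original article: the function name and output format are illustrative, the MD5 is the one listed in the file table on this page, and matching Run values on the string KUAJW is an assumption, since the article does not name the copy that the Run entry points to.

```powershell
# Read-only triage for the Ra Ransomware artifacts named in this article.
# Added example: the function name and output format are illustrative.
function Find-RaRansomwareArtifact {
    param([string]$ScanRoot = $env:USERPROFILE)  # assumption: user data lives under the profile

    $knownMd5 = '550a730bfcb7d164765fd8894548d375'  # MD5 of KUAJW.exe from the article's file table
    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding($Type, $Item, $Detail) {
        $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail })
    }

    # 1. Executable dropped under %APPDATA%\KUAJW\ (second version); compare its hash.
    $exe = Join-Path $env:APPDATA 'KUAJW\KUAJW.exe'
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $md5 = (Get-FileHash -LiteralPath $exe -Algorithm MD5).Hash.ToLower()
        $detail = if ($md5 -eq $knownMd5) { 'MD5 matches the listed sample' } else { "MD5 differs: $md5" }
        Add-Finding 'DroppedExecutable' $exe $detail
    }

    # 2. Per-user Run key values. Assumption: the persistence entry mentions KUAJW.
    #    Review every value by hand if nothing matches but files keep being re-encrypted.
    $runKey = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $value = [string]$runKey.GetValue($name)
            if ($value -match 'KUAJW') { Add-Finding 'RunKeyValue' $name $value }
        }
    }

    # 3. Ransom note on the current user's Desktop.
    $note = Join-Path ([Environment]::GetFolderPath('Desktop')) 'RaRansomware - Recovery instructions.html'
    if (Test-Path -LiteralPath $note -PathType Leaf) { Add-Finding 'RansomNote' $note 'present' }

    # 4. Files carrying the .KUAJW extension anywhere under the scan root.
    $locked = @(Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Filter '*.KUAJW' -ErrorAction SilentlyContinue)
    if ($locked.Count -gt 0) {
        Add-Finding 'EncryptedFiles' $ScanRoot "$($locked.Count) file(s), e.g. $($locked[0].FullName)"
    }

    return $findings
}

Find-RaRansomwareArtifact | Format-Table -AutoSize -Wrap
```

The script only reads the file system and registry; an empty result means none of the four indicators were found for the current user, not that the machine is clean.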
We want to provide some information about the distribution of Ra Ransomware as well, because some users might still be able to prevent this threat from entering their computers. Research conducted by our malware analysts has shown that this malicious application is most likely spread using standard distribution methods. To be more specific, cyber criminals probably spread it mainly as an ordinary email attachment. Such attachments usually do not look harmful at all, which is why so many users open them. The ransomware infection might also be downloaded by threats that are already active on the system, so keep your system clean. It is best to scan it with an antimalware scanner periodically. Last but not least, if you still tend to download software from random file-sharing websites, you should break this habit ASAP. It is not very likely that you could prevent all infections from entering your system on your own, so do not forget to enable a security application on your PC as well.
The first thing you should do after you encounter Ra Ransomware is refuse to pay money to cyber criminals. Delete the ransomware infection ASAP instead. If you have never deleted any serious malware before, follow our instructions (see below), or acquire a powerful antimalware scanner and then launch it to perform an in-depth system scan.
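| # | File Name | File Size (Bytes) | File Hash |
|---|-----------|-------------------|-----------|
| 1 | KUAJW.exe | 66560 | MD5: 550a730bfcb7d164765fd8894548d375 |

| # | Process Name | Process Filename | Main module size |
|---|--------------|------------------|------------------|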