A new ransomware has been discovered to be spread via malicious email attachments, calling itself RAA (with references to "RAA-SEP" in the code). Credit to @JAMES_MHT and @benkow_ for helping discover this.
The victim's files are encrypted using AES, and have the extension ".locked" appended. The following message is displayed to the victim with the filename "!!!README!!!<ID>.rtf", asking the victim to contact the email address firstname.lastname@example.org.
The following extensions are targeted.
.doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar, .csv
If a path contains any of the following strings, it will be skipped.
Windows, RECYCLER, Program Files, Program Files (x86), Recycle.Bin, APPDATA, TEMP, ProgramData, Microsoft
Shadow Copies are confirmed to be deleted.
If you or someone you know has been affected by this ransomware, please post here and stay tuned for any possible developments.