Ransom32 Is A New Kind Of Ransomware-As-A-Service Based On Javascript

Ransom32 Is A New Kind Of Ransomware-As-A-Service Based On Javascript

Ransomware-as-a-service is a relatively new method for cybercriminals to take targeted PCs hostage and demand payment from their owners to recover the files on-board. There have been a few recorded attacks that use this delivery model but a recent type of ransomware-as-a-service, Ransom32, is a little different, mainly because it’s Javascript-based which has wider implications for the security community.

IT picture from Shutterstock

In a blog post, security vendor Emsisoft claims that Ranson32 is the first Javascript ransomware and provides an easy web interface for cybercriminals to sign up to the service, deploy attacks and manage payments from the unfortunate users whose PCs have been held to ransom.

The delivery process is also fairly streamlined. Once a user is tricked into downloading an infected package, it will automatically unpack the content in the computer’s temporary files directory and execute the “chrome.exe” file in the archive. This “chrome.exe” file is packaged in NW.js, a framework based on Node.js which is used by developers to make Windows, Linux and Mac OS X applications in Javascript.

While NW.js is a great tool for developers to make cross platform applications, it also means that, theoretically, attackers could easily package the ransomware for all three operating systems, according to Emsisoft.

Ransom32 uses 128-bit AES encryption to lock up a target’s files and can enable the decryption of one single file to prove to victims that their files are recoverable, making people more inclined to fork out the ransom.

One way to spot Ransom32 is by its relatively large file size. It’s 22MB which is larger than most ransomware-infected packages being used today. The best way to protect yourself against these kinds of attacks is to have a robust backup strategy so even if your computer is held hostage you can rest assured that you still have possession of your precious files.

You can visit the Emsisoft blog post for more details on how Ransom32 works.

[Via Emsisoft Blog]


  • Hi Panda, thanks for this. We’ve been hit by ransomware multiple times last year, and have always had to revert to backups. We’ve educated our users and they’re getting a lot better at spotting these (AusPort and AFP were the two big ones last year), but as you and the Emisoft guys point out it, there seems to be no technology solution for blocking this stuff, short of locking down your environment so as to be unusable. So always on the lookout for updates, thanks again!

Show more comments

Comments are closed.

Log in to comment on this story!