Ransom32 Is A New Kind Of Ransomware-As-A-Service Based On Javascript

Ransomware-as-a-service is a relatively new method for cybercriminals to take targeted PCs hostage and demand payment from their owners to recover the files on-board. There have been a few recorded attacks that use this delivery model but a recent type of ransomware-as-a-service, Ransom32, is a little different, mainly because it’s Javascript-based which has wider implications for the security community.

IT picture from Shutterstock

In a blog post, security vendor Emsisoft claims that Ranson32 is the first Javascript ransomware and provides an easy web interface for cybercriminals to sign up to the service, deploy attacks and manage payments from the unfortunate users whose PCs have been held to ransom.

The delivery process is also fairly streamlined. Once a user is tricked into downloading an infected package, it will automatically unpack the content in the computer’s temporary files directory and execute the “chrome.exe” file in the archive. This “chrome.exe” file is packaged in NW.js, a framework based on Node.js which is used by developers to make Windows, Linux and Mac OS X applications in Javascript.

While NW.js is a great tool for developers to make cross platform applications, it also means that, theoretically, attackers could easily package the ransomware for all three operating systems, according to Emsisoft.

Ransom32 uses 128-bit AES encryption to lock up a target’s files and can enable the decryption of one single file to prove to victims that their files are recoverable, making people more inclined to fork out the ransom.

One way to spot Ransom32 is by its relatively large file size. It’s 22MB which is larger than most ransomware-infected packages being used today. The best way to protect yourself against these kinds of attacks is to have a robust backup strategy so even if your computer is held hostage you can rest assured that you still have possession of your precious files.

You can visit the Emsisoft blog post for more details on how Ransom32 works.

[Via Emsisoft Blog]

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


3 responses to “Ransom32 Is A New Kind Of Ransomware-As-A-Service Based On Javascript”