How To Protect Yourself Against Pure JavaScript Ransomware Threats

Cybercriminals generally spread ransomware through dodgy file attachments and links to fraudulent websites in emails. Often it’s in the form of a text file containing malicious scripts that make you download a software that will do the dirty work. But a new form of ransomware has cropped up and it come in the form of a JavaScript attachment pretending to be a document that starts encrypting files as soon as you run it. Here’s how to prevent yourself from becoming a victim of this new ransomware.

Ransomware image from Shutterstock

Ransomware in the form of a JavaScript attachments already exists and normally they would prompt your computer to download a piece of malware. This new form is especially dangerous because it doesn’t require additional downloads so it can act quickly to lock down a victim’s device. Security vendor Sophos spoke about a recent example of this kind of ransomware called JS/Ransom-DDL:

“The JavaScript doesn’t download the ransomware, it is the ransomware.
“… No additional software is downloaded, so once the JS/Ransom-DDL malware file is inside your network, it’s ready to scramble your data and pop up a ransom message all on its own.”

Not only does JS/Ransom-DDL encrypt files and demand a ransom to unlock them, it also deliberately installs a password stealing malware even after money has been paid and the files are decrypted. Like other JavaScript-based malware, The JS/Ransom-DDL is able to hide itself as a text file by capitalising on the fact that Windows doesn’t show file extensions by default (so a file can show up as ‘Invoice.txt’ even though it’s really ‘Invoice.txt.js’)

Sophos recommends taking the following steps to protect yourself against this kind of pure JavaScript:

  • Configure Windows to show file extensions. This gives you a better chance of spotting files that aren’t what they seem.
  • Consider configuring Windows to open JavaScript files with Notepad, not with WSH (Windows Script Host). This displays .JS files harmlessly as text rather than running them as programs.

You can find detailed instructions over at the Sophos Naked Security Blog.

[Via Sophos Naked Security Blog]

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


5 responses to “How To Protect Yourself Against Pure JavaScript Ransomware Threats”