Cybercriminals generally spread ransomware through dodgy file attachments and links to fraudulent websites in emails. Often it’s in the form of a text file containing malicious scripts that make you download software that will do the dirty work. But a new form of ransomware has cropped up, and it comes in the form of a JavaScript attachment pretending to be a document that starts encrypting files as soon as you run it. Here’s how to avoid becoming a victim of this new ransomware.
Ransomware in the form of JavaScript attachments already exists; normally these attachments prompt your computer to download a piece of malware. This new form is especially dangerous because it doesn’t require additional downloads, so it can act quickly to lock down a victim’s device. Security vendor Sophos spoke about a recent example of this kind of ransomware called JS/Ransom-DDL:
“The JavaScript doesn’t download the ransomware, it is the ransomware.
“… No additional software is downloaded, so once the JS/Ransom-DDL malware file is inside your network, it’s ready to scramble your data and pop up a ransom message all on its own.”
Not only does JS/Ransom-DDL encrypt files and demand a ransom to unlock them, it also deliberately installs password-stealing malware even after money has been paid and the files are decrypted. Like other JavaScript-based malware, JS/Ransom-DDL is able to disguise itself as a text file by capitalising on the fact that Windows doesn’t show file extensions by default (so a file can show up as ‘Invoice.txt’ even though it’s really ‘Invoice.txt.js’).
Sophos recommends taking the following steps to protect yourself against this kind of pure JavaScript ransomware:
- Configure Windows to show file extensions. This gives you a better chance of spotting files that aren’t what they seem.
- Consider configuring Windows to open JavaScript files with Notepad, not with WSH (Windows Script Host). This displays .JS files harmlessly as text rather than running them as programs.
You can find detailed instructions over at the Sophos Naked Security Blog.
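The two settings recommended above, applied for the current user from PowerShell. This is an added example, not code from the article or from Sophos; it assumes the standard Windows registry locations for Explorer settings and file associations and handles only the .js extension named on this page.

```powershell
# Added example: per-user scope, so no administrator rights are required.

# Step 1: make Explorer show file extensions (HideFileExt = 0).
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = (Get-ItemProperty -Path $advanced -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hidden -ne 0) {
    Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord
    Write-Output 'Extensions were hidden; now visible (reopen Explorer windows to see the change).'
}

# Step 2: report which program opens a given extension on double-click.
function Get-OpenCommand([string]$Extension) {
    $extKey = "Registry::HKEY_CLASSES_ROOT\$Extension"
    $progId = (Get-ItemProperty -LiteralPath $extKey -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) { return $null }
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\Shell\Open\Command"
    $command = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Extension = $Extension; ProgId = $progId; Command = $command }
}

$before = Get-OpenCommand '.js'
Write-Output 'Current handler for .js:'
$before | Format-List

# Step 3: if .js is handled by Windows Script Host (wscript.exe or cscript.exe),
# add a per-user override so the file opens as text in Notepad instead.
if ($before -and $before.Command -match '(?i)\b[wc]script\.exe') {
    $userKey = "HKCU:\Software\Classes\$($before.ProgId)\Shell\Open\Command"
    $notepad = '"{0}\System32\notepad.exe" "%1"' -f $env:SystemRoot
    New-Item -Path $userKey -Force | Out-Null   # create the key path if missing
    Set-Item -Path $userKey -Value $notepad     # set the key's default value
    Write-Output 'Handler for .js after the change:'
    Get-OpenCommand '.js' | Format-List
} else {
    Write-Output '.js is not currently opened by Windows Script Host; nothing changed.'
}

# Caveat: if an app was chosen for .js through Explorer's "Open with" dialog,
# that per-user choice takes precedence over the key written in step 3.
```

Deleting the key created in step 3 restores the previous handler, which is useful on machines where administrators still need to run .js scripts by double-click.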
Comments
5 responses to “How To Protect Yourself Against Pure JavaScript Ransomware Threats”
Nice article Panda, I’m checking my Java associations right now. Is there a replacement for Java on the horizon, sounds like it’s time to start winding it back.
Despite their names JavaScript & Java have little in common.
JavaScript is used by your web browser to make webpages interactive and dynamic. A page like gmail for instance uses a lot of JavaScript to create a website that behaves like a program and which doesn’t need to reload pages for each change on the screen.
It is not likely to be disappearing any time soon.
Remember the rule: “Java is to Javascript what Car is to Carpet.”
https://www.java.com/en/download/faq/java_javascript.xml
Don’t confuse Java with JavaScript.
Nice article I have read one more informative article about javascript ransomware.