Meet Ransom32, the first Javascript ransomware for Windows, Mac, and Linux

Antivirus

Na parádu ...

Enter Ransom32, one of the newest ransomware for the New Year. The program is written in Javascript, running on the NW.js platform, and can infect systems running on Windows, Mac OS X, or Linux. It is also dubbed as a “ransomware-as-a-service,” a play from SaaS or “Software as a Service.”

Initially analyzed by security expert Fabian Wosar from Emsisoft, Ransom32 functions quite differently compared to the usual ransomware programs. This program can actually be utilized by anyone who knows how to access hidden servers in the Tor network, and a simple Bitcoin address can be used to be able to sign up and make their own version of the ransom program.

 

Ransom32 Control Center Operators of the program is given a control center where they can see statistics, like how many people have paid up, and how much money has been sent so far. They can also configure their own variant of the program, setting the ransom amount they want, set custom messages and set how they want their victims’ computer to operate once the software has been launched.

The program will then be distributed via the usual method: spam emails. Packaged as a RAR file, the archive will extract all by itself, utilizing WinRAR’s scripting language in order to make the malicious program always launch at startup, and execute the files inside it, successfully locking up a victim’s computer using a 128-bit AES encryption.

It will encrypt data on a computer with file extensions such as .jpeg, .mp3, .mov, .mp4, .docx, .csv, .xlsx, .xml, .dat, and .pptx, among many others.

Aside from the usual threatening message displayed on a victim’s computer, the program also has the ability to raise the cost of the payment needed in order to unlock a user’s files.

As of the moment, only Windows variants of the ransomware have been seen in the wild, but with the software running on a NW.js framework, it can also run on the two other operating systems.

As per usual, it helps if a user has a backup of his/her computer files, as using programs to remove this software after it has encrypted the files can result in their permanent damage. It is also very advisable to keep antivirus software up-to-date. And most of all, be wary in opening email attachments that look too suspicious.

 

http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/