Monday, January 4, 2016

Ransom32 JavaScript-Based Ransomware

Security company Emsisoft warns about a new JavaScript-based ransomware. Fabian Wosar from Emsisoft says that a new ransomware family called Ransom32 uses the NW.js platform to infiltrate victims' computers and encrypt their files with AES.

"NW.js is essentially a framework that allows you to develop normal desktop applications for Windows, Linux and MacOS X using JavaScript. It is based upon the popular Node.js and Chromium projects. So while JavaScript is usually tightly sandboxed in your browser and can’t really touch the system it runs upon, NW.js allows for much more control and interaction with the underlying operating system, enabling JavaScript to do almost everything “normal” programming languages like C++ or Delphi can do. The benefit for the developer is that they can turn their web applications into normal desktop applications relatively easily. For normal desktop application developers it has the benefit that NW.js is able to run the same JavaScript on different platforms." At the moment only Windows appears to be targeted, but at least in theory it could be packaged for Linux and Mac OS X too.

The best way to protect against ransomware is to make regular, proper backups of all important files. These should be stored on a disconnected device, since a lot of ransomware specifically targets backups. A good option is, for example, an external hard drive that is usually kept detached from the system.


The Emsisoft blog post can be read here.
