Hacked: Hacking Finance

JavaScript-based Ransom32 Makes Ransomware Easier Than Ever

P. H. Madore

P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and is currently nearing the completion of a cryptocurrency exchange in concert with the firm he primarily works for, Vermont Secure Computing Consultancy.

Cybersecurity

This article was posted on Sunday, 22:43, UTC.

Ransomware has traditionally involved advanced exploitation of desktop vulnerabilities, gaining the Windows equivalent of root, and encrypting the file system so that the user can only get their data back by making a payment. Police departments, along with thousands of everyday users, have been impacted. In the case of police departments, phishing was often involved.


Thanks to recent advances in JavaScript’s viability as a platform, as evidenced by what seem to be daily new additions to the JavaScript framework market – Angular.js, Node.js, and so forth – a new ransomware is on the scene which allows the operator to deploy the malware very quickly and easily. It even has a dashboard which lets the operator designate the Bitcoin address to which the ransom should be sent, as well as how much to ask for. The dashboard also has statistics, telling the malevolent actor exactly how much they have made from their endeavor.

Ransom32 relies on a fork of Node.js known as NW.js. After the malware pusher has configured and downloaded an archive of the software, they are presented with some files that they must then get deployed on target systems. This can be the difficult part, especially with this particular piece of software, which clocks in at more than 20 megabytes. The victim will have to be somewhat dedicated in getting hold of it, but this can be achieved with relative ease if phony downloads of popular things are used. One way to deploy it might be to simply make it look like a movie or similar on a torrent site.


Ransom32 does not affect Mac or Linux users, as it relies on the easy execution of an .exe file to achieve its ends. This is not to imply that the software cannot be ported to other desktop environments. Part of its success is that it utilizes JavaScript, a web-native language that exists literally everywhere. In the early days, JavaScript was used for simple things like tracking downloads and warning users about certain fields on web forms.

But now it has grown into a much more formidable language, in some ways comparable to more advanced languages like C++. This trend doesn’t seem to be going anywhere, so readers are advised to continue to be careful about browser extensions and downloads, even if it’s just JavaScript. Most browsers have an option to disable JavaScript and other features by default, and in these times it wouldn’t be extreme to simply enable such features manually for each site.

For a more in-depth look at Ransom32, check out this blog post by Emsisoft, which also happens to provide antivirus software for Windows that inoculates against Ransom32, among a host of other things. From there:

We consider ransomware one of the biggest threats of the past year and plan to do our best to continue our excellent track record in the next year, to keep our users as protected as possible.

The standard recommendation should also be added here: in 2016, you do not have to use Windows to get work done. It is quickly becoming the platform of gamers, not workers, and your choices are myriad.

Featured image from Shutterstock.


Comments
  • Christian, posted on 12:39 am January 6, 2016:

    Note, the threat was discovered and analyzed by Emsisoft, not Emisoft.

  • Ashley Sheridan, posted on 10:53 pm January 7, 2016:

    Your article seems to be very confused between Javascript executed in the browser and that executed elsewhere, like within a Node server. Turning off Javascript execution in your browser will do absolutely nothing if you’ve downloaded a malicious torrent with this payload.
