Ransomware scum build weapon from JavaScript


Demands $250, steals passwords for good measure

 


 

New ransomware written entirely in JavaScript has appeared, encrypting users' files for a US$250 (£172, A$336) ransom and installing a password-stealing application.

Researchers @jameswt_mht and @benkow_ found the ransomware, which they dubbed RAA.

Bleeping Computer malware man Lawrence Abrams described the ransomware, noting it is shipped as a JS file and uses the CryptoJS library for AES encryption.

“RAA is currently being distributed via emails as attachments that pretend to be doc files and have names like mgJaXnwanxlS_doc_.js,” Abrams says.

“When the JS file is opened it will encrypt the computer and then demand a ransom of about US$250 USD to get the files back.

“To make matters worse, it will also extract the embedded password stealing malware called Pony from the JS file and install it onto the victim’s computer.”

The ransomware launches a Word document that appears to be corrupted, which serves to distract users while the malware encrypts files.

Microsoft in April warned of a spike in malicious JavaScript email attachments shortly before virus writers behind Locky sent their ransomware in that format.

Trend Micro researchers say Locky and RAA also use JavaScript files as malware downloaders, which obtain and install malware.

“The RAA ransomware is considered unique because it’s rare to see client-side malware written in web-based languages like JavaScript, which are primarily designed to be interpreted by browsers,” they say. “… users are advised to avoid opening attachments with the filenames mentioned above, even if they’re enclosed in a .zip archive.”
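A mail-gateway check for the delivery pattern described above, as an added example that is not from the original article or the researchers quoted: it flags script attachments whose names carry a document lure (as in `mgJaXnwanxlS_doc_.js`), including when they sit inside a .zip archive. The extension list, lure tokens, size and depth limits and function names are assumptions, and the sample archive is constructed.

```python
import io
import re
import zipfile

# Script types Windows Script Host runs on double-click (assumed policy list).
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe")
# Document tokens used as lures, as in "mgJaXnwanxlS_doc_.js" (assumed list).
LURE = re.compile(r"(?:^|[._\-\s])(docx?|pdf|xlsx?|rtf)(?=[._\-\s])", re.I)
MAX_DEPTH = 2                  # do not unpack archives nested deeper than this
MAX_MEMBER_BYTES = 10_000_000  # do not read members declaring more than this


def scan_attachment(name, data=b"", depth=0, prefix=""):
    """Return (path, reason) findings for an attachment and its zip members."""
    findings = []
    path = prefix + name
    leaf = name.rsplit("/", 1)[-1]  # file name without archive directories
    if leaf.lower().endswith(SCRIPT_EXTS):
        lure = LURE.search(leaf)
        reason = (f"script posing as {lure.group(1).lower()} document"
                  if lure else "script attachment")
        findings.append((path, reason))
    if depth < MAX_DEPTH and data and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Member names stay visible even if content is encrypted or large.
                readable = (not (info.flag_bits & 0x1)
                            and info.file_size <= MAX_MEMBER_BYTES)
                inner = zf.read(info) if readable else b""
                findings += scan_attachment(info.filename, inner,
                                            depth + 1, path + "!")
    return findings


def build_sample_zip():
    """Constructed sample: a zip holding a harmless file with the lure name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mgJaXnwanxlS_doc_.js", "// constructed placeholder")
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_attachment("invoice.zip", build_sample_zip()):
        print(finding)
```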

No means yet exist for free decryption.

[The Register]

June 21, 2016
