Demands $250, steals passwords for good measure
Bleeping Computer malware man Lawrence Abrams described the ransomware noting it is shipped as a JS file and uses the CryptoJS library for AES encryption.
“RAA is currently being distributed via emails as attachments that pretend to be doc files and have names like mgJaXnwanxlS_doc_.js,” Abrams says.
“When the JS file is opened it will encrypt the computer and then demand a ransom of about US$250 USD to get the files back.
“To make matters worse, it will also extract the embedded password stealing malware called Pony from the JS file and install it onto the onto the victim’s computer.”
The ransomware launches a word document that appears to be corrupted, and serves to distract users while the malware encrypts files.
No means yet exist for free decryption.