New Ransomware Ransom32 Uses JavaScript to Infect

Researchers have found a new kind of ransomware, unlike any seen before, that uses JavaScript to infect PC users. The malware is built on a platform known as NW.js, formerly called Node-WebKit. The platform is highly powerful and lets programmers build desktop applications using Node.js components. The NW.js platform enables cross-platform infections; it also implies that detecting the NW.js framework is difficult.

The new ransomware, called Ransom32, infects people's PCs and then encrypts their files. There is a certain similarity between Ransom32 and CryptoLocker. Ransom32 is described as Ransomware-as-a-Service: anybody can buy it from underground forums. Customized editions are on offer for a price of a 25% cut of the money that would be generated.

In a blog post, Fabian Wosar, a security expert with Emsisoft, explains that Ransom32 is significant because of the extraordinarily large (22MB) files, also complex and sinister, that get downloaded during the infection process.

Wosar further explains that the way Ransom32 gets disseminated is indeed an unusual technique not only for any malware but for the Ransom32 tool, thus not making Ransom32 unique in that sense. Softpedia.com reported this on January 3, 2016.

Moreover, according to Wosar, there is nothing extraordinary about how Ransom32 starts its infection process: it involves little beyond using spam emails as bait to get victims to load the malware. Ransom32 is delivered as a compressed RAR file that extracts itself. It also uses WinRAR's scripting language to configure itself so that it becomes active at system boot. The malware then connects to its command-and-control infrastructure with the help of the packaged Tor software. Subsequently, it encrypts the files and issues a ransom demand, threatening that any delay in decrypting the files would escalate the cost.

To encrypt RAR files, AES is used with a 128-bit key in CTR block mode. Every file gets a fresh key, and that key is encrypted using the RSA algorithm. There is also a public key, which is obtained from the C&C infrastructure during the initial communication.

Notably, various Ransom32 editions for Windows have been observed on the Web.

» SPAMfighter News - 1/7/2016
