Ransom32: JavaScript ransomware-as-a-service

The security researchers at Emsisoft have got a good write-up of Ransom32, a newly-discovered piece of ransomware.

Ransom32

Ransomware, of course, is nothing new. For some time computer users have been plagued with malware which encrypts their files or blocks access to devices, with demands that X number of bitcoin be paid for their release.

Ransom32 is not even different because it is "ransomware-as-a-service", online software that effectively puts the power to create ransomware into the hands of just about anyone - regardless of their technical know-how - if they are prepared to pay the price. Sadly, ransomware-as-a-service is nothing new.

What makes Ransom32 rather more interesting is that it is coded entirely using JavaScript, and as a consequence could be used to target not just Windows computers, but also those running Mac OS X and Linux.

By turning their ransomware into a sellable service, the criminals behind Ransom32 are providing an opportunity for other hackers to easily launch attacks that will encrypt users documents, personal photographs, movies and more... and then demand payment via anonymous Bitcoin to ensure the safe return of the otherwise unrecoverable data.

In other words, rather than build their own infrastructure, attackers can let Ransom32 do all the heavy lifting for them.

Showing entrepreneurial spirit, the creators of Ransom32 skim off 25% of any money successfully extorted for themselves.

Presently the attack appears to have been distributed via email, so once again users are advised to exercise great caution over what they run on their computers - especially if it arrives via unsolicited email.

Of course, it's always sensible to ensure that you have backups of your important data - so that if the worst should happen you can recover without having to pay any money to the extortionists.

As is often the case, the oldest rules of safe computing are often the wisest. Back up your important data, as it's better to be safe than sorry. I believe that online extortion will be a growing problem in 2016, so take steps to minimise the risks now.

Learn more about Ransom32 on the Emsisoft blog.

Have you ever been hit by ransomware?

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

3 Responses

  1. Tan

    January 6, 2016 at 2:04 am #

    So the recommended way to deal with ransomware is to refresh my PC? Is that way to remove it? Sometime thing like this may happen to people who didn't do backup, then they have to choose between paying the money or losing their data.

    • Simon in reply to Tan.

      January 6, 2016 at 10:29 am #

      And in some cases, paying a ransom doesn't necessarily guarantee their files back either.

      Paying them only encourages their behaviour…

      It's unfortunate for those who are not tech savvy, who are unlikely to have any form of backup and are also aware that these things happen.

      Those who aught know better have no excuse for not being proactive.

      • No name in reply to Simon.

        April 19, 2016 at 12:56 am #

        Simon, Good. If you get a virus, you should take it to your local tech shop. For me, it's tech guru.

Leave a Reply