Ransom32: JavaScript ransomware-as-a-service

Graham Cluley

Ransom32: JavaScript ransomware-as-a-service

The security researchers at Emsisoft have got a good write-up of Ransom32, a newly-discovered piece of ransomware.

Ransom32

Ransomware, of course, is nothing new. For some time computer users have been plagued with malware which encrypts their files or blocks access to devices, with demands that X number of bitcoin be paid for their release.

Ransom32 is not even different because it is “ransomware-as-a-service”, online software that effectively puts the power to create ransomware into the hands of just about anyone – regardless of their technical know-how – if they are prepared to pay the price. Sadly, ransomware-as-a-service is nothing new.

What makes Ransom32 rather more interesting is that it is coded entirely using JavaScript, and as a consequence could be used to target not just Windows computers, but also those running Mac OS X and Linux.

By turning their ransomware into a sellable service, the criminals behind Ransom32 are providing an opportunity for other hackers to easily launch attacks that will encrypt users documents, personal photographs, movies and more… and then demand payment via anonymous Bitcoin to ensure the safe return of the otherwise unrecoverable data.

In other words, rather than build their own infrastructure, attackers can let Ransom32 do all the heavy lifting for them.

Showing entrepreneurial spirit, the creators of Ransom32 skim off 25% of any money successfully extorted for themselves.

Presently the attack appears to have been distributed via email, so once again users are advised to exercise great caution over what they run on their computers – especially if it arrives via unsolicited email.

Of course, it’s always sensible to ensure that you have backups of your important data – so that if the worst should happen you can recover without having to pay any money to the extortionists.

As is often the case, the oldest rules of safe computing are often the wisest. Back up your important data, as it’s better to be safe than sorry. I believe that online extortion will be a growing problem in 2016, so take steps to minimise the risks now.

Learn more about Ransom32 on the Emsisoft blog.

Have you ever been hit by ransomware?

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Ransom32: JavaScript ransomware-as-a-service”

  1. So the recommended way to deal with ransomware is to refresh my PC? Is that way to remove it? Sometime thing like this may happen to people who didn't do backup, then they have to choose between paying the money or losing their data.

    1. And in some cases, paying a ransom doesn't necessarily guarantee their files back either.

      Paying them only encourages their behaviour…

      It's unfortunate for those who are not tech savvy, who are unlikely to have any form of backup and are also aware that these things happen.

      Those who aught know better have no excuse for not being proactive.

      1. Simon, Good. If you get a virus, you should take it to your local tech shop. For me, it's tech guru.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES