Ransom32: The first JavaScript ransomware risks Windows, Mac and Linux

[Screenshot: Ransom32 ransom message]

This screenshot says everything: yes, Ransom32! A dangerous ransomware that puts Windows, Mac and Linux at risk.

It is software that encrypts files on a Windows system and then threatens users that their data will be lost forever unless they pay up. This is nothing new in the cyber world, but it is now targeting a wider range of computers.

According to a security expert from Emsisoft, Ransom32 functions quite differently compared to the usual ransomware programs.

How it works:

At first glance Ransom32 looks like a dime a dozen among many similar malware campaigns. Signups are handled via a hidden server in the Tor network. A simple Bitcoin address where you want the funds generated by your ransomware to be sent to is enough to sign up.

After you type in your Bitcoin address, you will get access to the rudimentary administration panel. In the admin panel, you can get various statistics, like for example how many people already paid or how many systems were infected. You can also configure your “client”, which is their term for the actual malware. It is possible to change the amount of Bitcoins the malware will ask for, as well as configure parameters like fake message boxes the malware is supposed to show during install.

A click on “Download client.scr” will then generate the malware according to the specifications and will start the download of the more than 22 MB large malware file. At this point it becomes evident that Ransom32 is very different to other ransomware, which rarely exceed 1 MB in size. In fact, most ransomware authors use the small size of their malicious files as some kind of unique selling point when advertising their campaigns in underground hacker communities. Ransom32 definitely had our interest.

The best protection remains a solid and proven backup strategy, which helps you recover from the malicious activities of ransomware.

Roger

He is CTO of Fenêtre internet applications and co-owner of Keen On Apps (www.keenonapps.nl), both located in The Netherlands. Roger is the face behind WinCentral’s Windows Phone app and writes interesting articles on WinCentral when he gets time from donning the role of CTO of his company.