Ransom32 Is a JavaScript-Based Ransomware That Uses Node.js to Infect Users

Softpedia ^ | 3 Jan 2016, 14:54 GMT | Catalin Cimpanu

[Utilizer]

A new type of ransomware has been spotted, the first of its kind, a ransomware that uses JavaScript to infect its users, being coded on top of the NW.js platform.

NW.js, formerly known as Node-WebKit, is a powerful platform that allows developers to create desktop applications via Node.js modules. The platform lets programmers use JavaScript in the same way, and with the same power and reach inside the underlying operating system's guts, as other more powerful languages like C++, Delphi, Java, ActionScript, and C#.

If the name hasn't tipped you off yet, NW.js uses a stripped down version of WebKit, the same layout engine used in Chrome, Safari, and Opera, but without many of its limitations. While browsers limit what JavaScript code can do, NW.js removes these limits and allows JS developers to interact with the OS itself.

NW.js can run on all three major operating systems, meaning that ransomware coded to work on top of it would theoretically be able to target all operating systems at once.

[Utilizer]

A multi-OS ransomware threat?

[Utilizer]

Ping...

[Utilizer]

Dunno if this of interest to you, mate, but just in case... ping.

[LowOiL]

Well what do you know, a use for bitcoins other than buying drugs. To pay off your ransomware virus fees.

[Swordmaker]

Aw, THIT! Another means of invading all of our platforms, Windows, Macs, Android, and iOS utilizing JAVA script. . . which can work through a browser all the way into the OS. NOT GOOD, AT ALL. Damn! -- PING!

Pinging Shadow Ace and Thunder Sleeps for their lists.

SECURITY
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

[Swordmaker]

TURNING OFF JAVASCRIPT

In iOS. . . Safari

Go to Settings/ Safari / Advanced. Turn off JavaScript.

In OS X Safari

Open Safari

Click on Safari Prefernces

Select Security Tab

Uncheck "Enable JavaScript"

Close Preferences pane.

In Windows Safari

Open Windows Safari

Click on the Tools Button icon Tools Button at the top-right of the app window

Click on the Preferences menu item

Click on the Security icon

Un-check the Enable JavaScript option.

Close the Preferences window and restart Safari.

[Jeff Chandler]

Seriously? Disable javascript? What, are we back to HTML 2.0?

[Swordmaker]

Turning JavaScript off in Windows Chrome:

Right click the Google Chrome icon in your desktop, then click Properties.

2. Click Shortcut tab.

3. Add -disable-javascript parameter in the Target field.

4. Click the OK button.,

Turning JavaScript off in Apple OS X Chrome:

Go to this link and follow the steps shown to turn off JavaScript in Apple OS X

[Swordmaker]

Seriously? Disable javascript? What, are we back to HTML 2.0?

It may be necessary until they get a handle on blocking this All Platform Ransomeware exploit.

[Jeff Chandler]

You are telling everyone to browse without javascript?

[Jeff Chandler]

Don’t worry, Dude. Apple products are immune to exploits, aren’t they? I mean, you don’t need an antivirus program, so don’t worry.

[TheCipher]

Wouldn’t it be safer to just not run as administrator ( which you should never do - always run with non admin privileges ) in the first place instead of disabling javascript ?

[Swordmaker]

Currently, only Windows machines have been infected, but we may be one update cycle away from seeing the first truly cross-OS ransomware family.

[some tech guy]

You run node server-side, well. It ain’t rails or jetty, that’s for sure.

Let alone IIS.

[Jeff Chandler]

Wouldn’t it be safer to just not run as administrator

And use an antivirus program.

Oh, Mac doesn't need an antivirus program. Just browse without JavaScript.

[Swordmaker]

You are telling everyone to browse without javascript?

Yes, I am. Currently, this exploit is only in the wild for Windows, but it works through browsers, and will not give any privilege escalation, but it could steal user's passwords, data, and other critical information.

Even though on a Mac the Browser operates in a sandbox, the browser can call passwords from the keychain and auto fill user data into fields. This exploit could conceivably cause your browser to navigate to a malicious website with appropriate fields to be auto-filled, do so, then call passwords for commonly visited websites in your bookmarks and harvest them.

[Swordmaker]

Wouldn’t it be safer to just not run as administrator ( which you should never do - always run with non admin privileges ) in the first place instead of disabling javascript ?

Always. But this doesn't matter for what it does. It works through the browsers using JavaScript and it isn't intended to install malware. It is a script the browsers are supposed to run. . . But this one can do things other scripts aren't permitted to do.

[Jeff Chandler]

Turn off javascript? Might as well turn off css.

[Jeff Chandler]

Hey, I don’t suppose this is the virus which infected the FreeRepublic servers and made it put out weird characters?

[Swordmaker]

Hey, I don’t suppose this is the virus which infected the FreeRepublic servers and made it put out weird characters?

Would it be that simple. Sadly, it's not.