Posted on 06/20/2016 7:31:04 PM PDT by Swordmaker
Security researchers have discovered a new strain of ransomware coded entirely in Javascript, which could increase its chances of being activated. Unlike executable program files, Javascript documents do not always trigger a security warning on Windows or require administrator access to run.
Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened.
One security expert said the approach was likely to fool many victims. "It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners.
"Using Javascript as an attachment to an email is likely to result in many victims accidentally installing it."
(Excerpt) Read more at bbc.com ...
Bump.
Why aren’t the penalties for the authors of such useless maliciousness far far harsher?
You mean like drawing and quartering them? Personally, I think that’s too mild. The problem is it’s an international crime which takes place in a virtual crime scene. What they steal is really never removed from your premises, and has no physical existence: it’s virtual property. Often, the victim did the damage themselves by installing something. The victims are in the USA, the ones committing the crime are in Siberia or China or Nigeria, or somewhere else equally untraceable and inaccessible, and they demand their payoff in untraceable, instantly transferable, virtual money, bitcoins. How do you find them, much less arrest them?
Easy to add a Registry entry to prevent JS from running outside of a browser.
Does that fix work for all users or do you have to do that for every user?
They’re in Russia, therefore untouchable.
bttt
Yes, let’s trash the entire Windows platform because a group of idiots code a PLATFORM AGNOSTIC ransomware app in a popular web scripting language. Bravo. That’s the way to go!
Change .js files to open in Notepad.
A user who is too stupid to keep Windows secure is not going to last a week using Linux.
Since it is in the local machine key, I would say it is for all users of that machine.
I’m a Microsoft (certified) engineer and work a lot in RHEL and Debian, and even though I check netstat, top, and iptables on a regular basis, I still worry about whether or not I’ve secured my Linux servers.
bkmk
Same problem. They broke the “sandbox”.
I never download email to my computer; it’s on Microsoft’s server. Does that make a difference?
Don’t open unknown attachments. Don’t trust known attachments without confirming the source.
BTW, does anyone know how/if this would affect Windows phones?
The “entire Windows Platform” is a giant ransomware. Businesses are losing billions because they cannot escape it once they get into it. How many are still running IE6/Win7? Talk about throwbacks.
...giant ransomware? What’s your angle? Microsoft is hands down the largest operating platform for business.
IE6? Microsoft stopped supporting anything earlier than IE10 last year. What are you on about? Do you understand production support lifecycle at all?
Do you know if my ‘noscript’ will stop this from infecting my computer?