System Force I.T.

RANSOM32 – The First JavaScript Ransomware

Ransom32, the first JavaScript ransomware for Windows, Mac and Linux.
Ransomware has been the cause of a lot of grief over the past year. It’s a nasty piece of software that encrypts files on your systems and then threatens users that their data will be lost forever unless they pay a ransom. And like a normal virus, it keeps evolving.

Now, with a New Year comes a new version, Ransom32. This version is written in JavaScript and can infect systems that run not only Windows, but also Mac OS X and Linux.

Ransom32 is quite different from the usual ransomware programs. It can be used by anyone who knows how to access hidden servers in the Tor network: a simple Bitcoin address is all that is needed to sign up and make their own version of the ransom program.

Operators of the program are given a control center where they can see statistics, like how many people have paid up and how much money has been sent so far. They can also configure their own variant of the program, setting the ransom amount they want, custom messages, and how they want their victims’ computers to behave once the software has been launched.

The program is then distributed via the usual method: spam emails. It is packaged as a RAR archive that extracts all by itself, using WinRAR’s scripting language to make the malicious program launch at every startup and to execute the files inside it, locking up a victim’s computer using 128-bit AES encryption.

Aside from the usual threatening message displayed on a victim’s computer, the program also has the ability to raise the cost of the payment needed in order to unlock a user’s files.

At the moment, only Windows variants of the ransomware have been seen in the wild, but because the software runs on the NW.js framework, it can also run on the two other operating systems.

It helps if a user has a backup of his/her computer files, as using programs to remove this software after it has encrypted the files can result in their permanent damage. An off-site backup is a further benefit, as it gives your data additional protection. It is also very advisable to keep antivirus software up to date. And most of all, be wary of opening email attachments that look suspicious.

For more information and advice on off-site/remote backups, anti-virus and internet security, talk to our service team on 0845 8620066. System Force IT offer a wide choice of backup solutions both on-site and to the cloud as well as anti-malware and anti-virus solutions to help secure your business data.