Malware

Ransomware as a Service at its best: Ransom32

Ransom32
Written by Hasan EKSI

Meet the first ransomware of 2016: Ransom32

Researchers at Emisoft have discovered a new malware called Ransom32. It turns out Ransom32 is not only the first ransomware in 2016 but also the first kind of ransomware variant that has been developed in JavaScript. The way it works is nothing different from a regular ransomware. I won’t go into technical details as it is well explained by Emsisoft. So there is nothing much of a change in terms of “victim experience”. However, it certainly provides an easy to use platform to would-be cyber criminals.

What makes Ransom32 special?

Ransom32 uses the NW.js platform which is a legitimate JavaScript framework for app development based on Node.js and Chromium. It allows developers to create native applications for Linux, Mac, and Windows using HTML5, CSS3, and Javascript. Since NW.js is a legitimate framework, it is difficult to rely on signature-based detection.

NW.js allows for much more control and interaction with the underlying operating system (OS), enabling JavaScript to do almost everything ‘normal’ programming languages like C++ or Delphi can do – Emsisoft’s Fabian Wosar.

Ransom32 is cross-platform.Apart from being hard to detect, it is also cross platform which means that once written, a NW.js application can work on Windows, Linux and MacOS X without any modification.

Reports indicate that so far only Windows machines have been infected. However, because of the nature of how NW.js works, we may see Ransom32 infecting different platforms soon.

Sold as Ransomware as a Service

What is scary about Ransom32 is  it’s being offered to would-be cyber criminals as a paid service. With just a few clicks, you have your own Ransom32 ready to go.

If we look at the predictions for 2016 made by McAfee, Trend Micro and other security firms, it is clear that 2016 will be the year for ransomware.

How to protect yourself from Ransom32?

This will be the headline of my next article as we will be uncovering a new tool which provides immunity from Cryptolocker and its variants and keeps your important files safe without any hassle.

Stay tuned!

Appendix

Other posts about Ransom32:

About the author

Hasan EKSI

An enthusiastic IT Security Professional with over six years of experience and expertise in Information Security and general IT.
https://tr.linkedin.com/in/eksihasan

Leave a Comment