Ransomware in JavaScript

JavaThere’s been a recent rash malware that utilizes JavaScript-based downloaders to install ransomware on victims’ computers. Like most ransomware, it then encrypts their files and demands payment in Bitcoins to get a key to unlock them. It’s pretty unusual for anyone to send a Javascript attachment, so users should be on the lookout for any suspicious emails that include files with the .js or .jse extension.

It appears the hackers are using the Locky, Nemucod, and Swabfex versions of malware to carry out the attacks after tricking victims into downloading them via successful social engineering attempts. The cybercriminals typically make their emails sound as if they carry information the target needs, such as financial information. They then package the JavaScript inside a .zip or .rar file that the victim has to open, so users should watch for those file types as well.

In this new crop of attacks, the attackers are basically using two strains of ransomware: Locky and Tescrypt, with Locky being best known for the recent shut downs of hospitals around the US due to ransom attacks. Anti-virus protection typically filters out ransomware and keeps it from ever being installed, but by utilizing JavaScript the hackers have been able to circumvent that.

The best way to prepare for a ransomware attack is to develop robust backup and data recovery policies, especially in the health and finance industries. Secondly, businesses and organizations need to train their employees to be able to recognize social engineering attacks and phishing emails. It’s also a good idea for everyone to be running the latest version of their operating system and that their anti-malware software is up to date. Finally, every organization should have their email gateways scan and block any malicious code it comes across.

In order to better protect yourself from being taken advantage of by ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10 minute Ransomware Safety Review.

image_pdfimage_print