Email Attachments With JavaScript Pose Ransomware Threat

July 4th, 2016

The hacking community is at it again, and they’ve once more upped the ante. Until recently, the norm was ransomware such as Ransom32, which was partially written in NodeJS but delivered via an executable file. Now there’s a new threat: ransomware called RAA, which is written entirely in JavaScript, no executable required.

Java has had a string of highly publicized security issues in recent months, and this adds to that growing list. This strain of ransomware can target files with the following extensions:

  • Doc
  • Xls
  • Rts
  • Pdf
  • Dbf
  • Jpg
  • Dwg
  • Cdr
  • Psd
  • Cd
  • Mdb
  • Png
  • Lcd
  • Zip
  • Rar
  • CSV

The ransomware is typically delivered via email, disguised as a Word document. An observant recipient will note that the attachment has the .js extension rather than the typical .doc extension. When clicked, the software scans the drives of the device the file was opened on and searches them for any files with the extensions mentioned above. These files are locked, and the .locked extension is appended to their names. The user is then informed that the only way to get access to their files back is to pay a ransom.
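A mail-filtering check for the disguise described above, as an added example that is not part of the original article: it parses a raw message and flags attachments whose final extension is a script type, noting when a document-style extension precedes it. The function names, the `.jse` entry and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Only .js comes from the article; .jse is an assumed related script type.
SCRIPT_EXTS = {".js", ".jse"}
# Decoy extensions: a subset of the file types the article lists.
DECOY_EXTS = {".doc", ".xls", ".pdf", ".jpg", ".png", ".zip", ".rar", ".csv"}

def flag_script_attachments(raw_message: bytes):
    """Return (filename, reason) for each attachment whose final extension is a script."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments nested in forwarded mail
        name = (part.get_filename() or "").strip()
        # Windows ignores trailing dots and spaces, so drop them before comparing.
        exts = ["." + e for e in name.lower().rstrip(". ").split(".")[1:]]
        if not exts or exts[-1] not in SCRIPT_EXTS:
            continue
        if len(exts) > 1 and exts[-2] in DECOY_EXTS:
            findings.append((name, "script disguised with a document extension"))
        else:
            findings.append((name, "script attachment"))
    return findings

def build_sample(filenames) -> bytes:
    """Constructed test message: one placeholder attachment per filename."""
    m = EmailMessage()
    m["Subject"] = "Invoice (constructed sample)"
    m.set_content("Please see the attached document.")
    for fn in filenames:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in flag_script_attachments(
            build_sample(["invoice.doc.js", "report.pdf", "notes.js"])):
        print(f"{name}: {reason}")
```

A gateway or mailbox rule built on this would quarantine any message for which the function returns a non-empty list.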

Unfortunately, it gets worse. The software also scans for and deletes the Windows Volume Shadow Copy Service (VSS), so that it’s not possible to recover files via this method.

This is but the latest in an evolving series of threats that are making ransomware in general more dangerous than ever. If it’s been a while since your employees have had security training, especially training that relates to suspicious emails, now is the time to consider putting that front and center as a priority. The number of ransomware attacks has spiked considerably in 2016, and given the rapid pace of change on this front, we can expect that trend to continue. Be sure you’re as ready as you can be to face the growing threat.

