First Node.js-Powered Ransomware Discovered

An anonymous reader writes: A security researcher from Emsisoft has discovered a new ransomware family coded via NW.js (formerly Node-WebKit). Why is it unique? Because it is the first of its kind to use JavaScript for the ransomware's source code, it provides cross-OS support (we may see the first universal Windows-Linux-Mac ransomware in the future), and because the security researcher describes it as "successor of CryptoLocker" when it comes to encryption quality. The ransomware, Ransom32, is offered as a RaaS service on the Dark Web, only targets Windows machines in its first version, and is currently undecryptable.

How is it platform independent?

[goombah99]

So it's installing a server for node JS. but that does not make it platform independent. the script side of it may be but not the backend and it has to install that too.

Re:Pure HTML

Node-webkit stuff will definitely NOT run inside a browser. That was the entire point of node-webkit. It's a node environment fused with a webkit environment.

Which, editors, is not "node.js"; it's a fork.

Re:So glad we "got rid of Flash"

[dos1]

Okay, but how is that related? Using JavaScript with Node.js is no different than using Python with CPython, or any other interpreted language using their interpreter. The fact that browsers happen to use the same syntax for their in-page scripting doesn't mean anything here.