First Node.js-Powered Ransomware Discovered (softpedia.com)
An anonymous reader writes: A security researcher from Emsisoft has discovered a new ransomware family coded via NW.js (formerly Node-WebKit). Why is it unique? Because it is the first of its kind to use JavaScript for the ransomware's source code, it provides cross-OS support (we may see the first universal Windows-Linux-Mac ransomware in the future), and because the security researcher describes it as "successor of CryptoLocker" when it comes to encryption quality. The ransomware, Ransom32, is offered as a RaaS service on the Dark Web, only targets Windows machines in its first version, and is currently undecryptable.
Yeah, we replaced ActionScript with JavaScript. How is this really an improvement? We still have an insecure virtual machine facing the internet whenever the browser makes a request.
I think I've seen this one first hand. It was emailed to the victim posing as a Firstname Lastname resume.zip; inside was Firstname Lastname resume.js. Inside the .js was what looked like base64 being encoded to something, probably downloading and running the actual exe.
The biggest shock in all this is that Windows will execute a .js file when you double-click it. How fucking retarded is that? I'm looking at changing the default program for .js files to be Notepad instead of the Windows Scripting Host.
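
The delivery path described in the two comments above (a resume .zip holding a .js that Windows runs on double-click) can be caught at the mail gateway before it reaches a desktop. The following is an added example, not code from the thread or from Emsisoft; the function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows associates with Windows Script Host by default.
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}


def script_members(zip_bytes: bytes) -> list[str]:
    """Return names of archive members that would run under WSH on double-click."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Win32 drops trailing dots and spaces from file names, so
            # "resume.js." lands on disk as "resume.js"; normalise first.
            name = info.filename.replace("\\", "/").rstrip(". ")
            if PurePosixPath(name).suffix.lower() in WSH_EXTENSIONS:
                hits.append(info.filename)
    return hits


def should_quarantine(attachment_name: str, data: bytes) -> bool:
    """Gateway-style decision: hold bare scripts and zips that contain them."""
    lowered = attachment_name.lower().rstrip(". ")
    if PurePosixPath(lowered).suffix in WSH_EXTENSIONS:
        return True
    if zipfile.is_zipfile(io.BytesIO(data)):
        return bool(script_members(data))
    return False


def build_sample_zip(names: list[str]) -> bytes:
    """Constructed test input: a zip whose members hold harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["Firstname Lastname resume.js", "notes.txt"])
    print(script_members(sample))
    print(should_quarantine("Firstname Lastname resume.zip", sample))
```

The check looks only at member names, so it does not see scripts inside nested or password-protected archives; those need to be handled by policy (for example, holding encrypted archives for review).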