Ransomware32, first ransomware in javascript

Gauthier Befahy
Gauthier has been active in the IT field for over 10 years. Currently working for Scademy Ltd, He oversees global Sales and Marketing.

In my previous article, I had announced ransomwares as one of the top 5 threats for 2016. Well… looks like there is a new bad boy in town!
Ransomware32 was discovered by Emsi, and they claim it can run on all types of machine, since it is based entirely on javascript. This could indicate an upcoming trend int hat sector!

Ramsomwares have gained „popularity” over the recent years, and kept being better and better. The reason why? They are profitable (they estimate the value of the data they encryot… then propose a ransom tot he suer in order to get the data back).

Ransomware32  (here below) is the next step. It was built using the NW.js framework. It fits into the new Ransomware as a Service approach that we saw growing in 2015. A tailored exec file will allow the user to generate a web interface where he will be able to specify the ransom, and how the malware will behave. It also allows the tracking of performances, as well as paid ransoms.


Still at an early-Stage

Even though it seems multi-platform, only a windows exec file has been discovered. It is under the form of an auto-extract winrar file, thus an exec file on which the user will click. Once done… it all goes downhill!

So users… Beware of those malwares!