Planning States Do Not Stay in New Years

Ransom software, one of the most important cyber threats of the past year, entered the market in 2016. Security experts announced last week that they were only detecting a new ransom software written in JavaScript. The ransom software Ransom32, which anyone with the address of Bitcoin can download from the hidden servers in TOR, finds the files on the target computer and encrypts them, and Kurband is demanding payment by digital money. Ransom32's developers get 25 percent commission from each money transfer.

This ransom software, which also has a management interface, allows the attacker to design the message to be sent to the target and to determine how much he wants the ransom. With the same interface, an attacker can lock the target computer and keep CPU usage at a low level. Information on how much the ransom software has been downloaded and how much the victims pay is also visible on the interface.

Ransom32, which is slightly larger than other ransom software, comes as a file in the WinRAR archive. The file that looks like a Chrome browser has NW.js which contains malicious software. Experts point out the importance of using NW.js not only in Windows, but also in desktop JavaScript applications on MacOS X and Linux. NW.js also allows JavaScript to interact more with the underlying operating system. Researchers warn that the software is currently detected on Windows systems, but with a few changes it will also be effective on other platforms.

Share this post

Please Login or Signup to leave a comment.