New Ransomware Attacks With JavaScript

A newly discovered ransomware does away with downloading a malicious file, carrying out the encryption itself

A new form of ransomware has emerged that tries to evade detection by carrying out all its encryption using the JavaScript scripting language.

This is the latest in the rapidly expanding ransomware category, which has grown into a significant threat in recent months as criminals are attracted by lucrative payouts.

“The JavaScript doesn’t download the ransomware, it is the ransomware,” wrote Sophos researcher Paul Ducklin in an advisory. “No additional software is downloaded, so once the JS/Ransom-DDL malware file is inside your network, it’s ready to scramble your data and pop up a ransom message all on its own.”

The script arrives as an attachment called Invoice.txt.js, which appears as “invoice.txt” on most Windows systems because they are configured by default not to display file extensions.

If opened, JavaScript attachments of this kind execute by default in the Windows Script Host (WSH), which doesn’t impose any restrictions.
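A mail or file-share filter can catch this disguise from the attachment name alone. The Python sketch below is an added example, not code from Sophos or from this article; the decoy-extension list and the block/quarantine/allow verdicts are assumptions chosen for illustration, and every sample name except Invoice.txt.js is constructed.

```python
import ntpath

# Extensions that Windows associates with Windows Script Host by default.
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Extensions a user would read as a harmless document (assumed list for this example).
DECOY_EXTENSIONS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def inspect_attachment(filename):
    """Describe how one attachment name is displayed and how it would be opened."""
    # Normalise the way Win32 does: trailing dots and spaces are not part of
    # the stored file name, so they must not hide the real extension.
    name = ntpath.basename(filename).rstrip(". ")
    shown, real_ext = ntpath.splitext(name)
    real_ext = real_ext.lower()
    decoy_ext = ntpath.splitext(shown)[1].lower()
    runs_in_wsh = real_ext in WSH_EXTENSIONS
    return {
        "name": name,
        # What the user sees when file extensions are hidden.
        "shown_as": shown if real_ext else name,
        "runs_in_wsh": runs_in_wsh,
        # A script whose visible name ends in a document-like extension.
        "disguised": runs_in_wsh and decoy_ext in DECOY_EXTENSIONS,
    }


def triage(filenames):
    """Return (verdict, info) pairs; verdict is 'block', 'quarantine' or 'allow'."""
    results = []
    for fn in filenames:
        info = inspect_attachment(fn)
        if info["disguised"]:
            verdict = "block"        # script posing as a document
        elif info["runs_in_wsh"]:
            verdict = "quarantine"   # plain script attachment, still opens in WSH
        else:
            verdict = "allow"
        results.append((verdict, info))
    return results


# Constructed sample names; only Invoice.txt.js comes from the article.
SAMPLES = ["Invoice.txt.js", "report.PDF.VBS", "build.js", "notes.txt", "Invoice.txt.js. "]

if __name__ == "__main__":
    for verdict, info in triage(SAMPLES):
        print(f"{verdict:10} {info['name']!r:22} shown as {info['shown_as']!r}")
```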

The new technique is simpler than the most common method of infection, which involves the use of a Word document which then downloads executable code from a remote server.

If you think you may have been infected by this ransomware or any other malware, give us a call on 01539 720104.