22 Jun

New Ransomware Attacks With JavaScript

A newly discovered ransomware does away with downloading a malicious file, carrying out the encryption itself


A new form of ransomware has emerged that tries to evade detection by carrying out all its encryption using the JavaScript scripting language.

This is the latest in the rapidly expanding ransomware category, which has grown into a significant threat in recent months as criminals are attracted by lucrative payouts.

“The JavaScript doesn’t download the ransomware, it is the ransomware,” wrote Sophos researcher Paul Ducklin in an advisory. “No additional software is downloaded, so once the JS/Ransom-DDL malware file is inside your network, it’s ready to scramble your data and pop up a ransom message all on its own.”

The script arrives as an attachment called Invoice.txt.js. On most Windows systems it appears as “invoice.txt”, because Windows is configured by default not to display file extensions.

If opened, JavaScript attachments of this kind execute by default in the Windows Script Host (WSH), which doesn’t impose any restrictions.
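As an added example (not from the Sophos advisory or this post), here is a mail-filter style check in Python that flags attachment names using the Invoice.txt.js trick described above. The extension lists, function names and sample file names are assumptions made for illustration, and `displayed_name` simplifies Explorer's behaviour by hiding any final extension.

```python
import os

# Extensions whose default Windows handler is Windows Script Host.
# List assembled for this example; extend it to match local policy.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Harmless-looking extensions used as the visible decoy (constructed list).
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def displayed_name(filename):
    """Name a user sees when file extensions are hidden (the Windows default)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify_attachment(filename):
    """Return 'block', 'review' or 'allow' for an attachment file name."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext not in SCRIPT_EXTS:
        return "allow"
    # Script type hidden behind a decoy extension, e.g. Invoice.txt.js
    if os.path.splitext(stem)[1] in DECOY_EXTS:
        return "block"
    # A bare script attachment is still unusual in email: hold it for review.
    return "review"


def scan(filenames):
    """Map each non-allowed attachment name to (verdict, name the user sees)."""
    results = {}
    for name in filenames:
        verdict = classify_attachment(name)
        if verdict != "allow":
            results[name] = (verdict, displayed_name(name.strip()))
    return results


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from a real mailbox.
    sample = ["Invoice.txt.js", "report.pdf", "build.js", "INVOICE.PDF.VBS "]
    for name, (verdict, shown) in scan(sample).items():
        print(f"{verdict:6} {name!r} is shown to the user as {shown!r}")
```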

The new technique is simpler than the most common method of infection, which involves the use of a Word document which then downloads executable code from a remote server.

If you think you may have been infected by this ransomware or any other malware, give us a call on 01539 720104.

 

08 Apr

New ransomware that knows where you live!

A new email phishing campaign has started sending thousands of ominous-looking emails that contain the recipient’s home address.

The well-worded email appears to come from legitimate email addresses and shows very few irregularities. The email comes with a demand for money for an arbitrary service, along with a web link that purports to be an “overdue invoice.”

Click the link and open the file (which looks like a Word document), and you’ll become the latest victim of ransomware, that is, malware that encrypts your files and locks you out of your computer until you pay a ransom. The longer you wait, the larger the ransom you have to pay.

It appears that the scammers are leveraging some sort of database that has home addresses publicly available and using this for the scam.

Restoring from a backup is the only option available if you get infected by this type of virus, so make sure you have current and valid backups. If you need any help with backups or virus removal, please get in touch.
