New ransomware strain coded entirely in Javascript

Security researchers have discovered a new strain of ransomware coded entirely in Javascript, which could increase its chances of being activated.

Unlike executable program files, Javascript documents do not always trigger a security warning on Windows or require administrator access to run.

Named RAA, the malware is disguised as a document and starts encrypting files immediately when opened.
One security expert said the approach was likely to fool many victims.

"It's an interesting approach to ransomware," said Ken Munro of security company Pen Test Partners.
"Using Javascript as an attachment to an email is likely to result in many victims accidentally installing it."

The RAA ransomware was discovered by security researchers known as Benkow and JamesWT.

It is sent to victims by email and if opened on a Windows machine uses the "Windows Based Script Host" to run its code.

5 Comments