JavaScript Ransomware Poses Increased Risk of Data Loss

On January the 1st this year, security software vendor Emsisoft presented an analysis of a new variant of ransomware (defined in a previous post of mine) that demonstrates a concerning evolution in this type of malware. Following the growing popularity of the Software as a Service (SaaS) model, this type of ransomware is available for purchase by those with malicious intent.

Why Should I Be Concerned About This Malware?
This new variant is written in JavaScript but uses the NW.js framework to allow JavaScript apps to be installed and run (execute/carry out their purpose) just like the traditional desktop applications that you use every day on your computer. This flexibility is also what makes this malware of particular concern: since NW.js is a portable framework, it has the potential to enable this malware to spread to Linux and Apple OS X computers. However, as noted by Emsisoft, so far no such malware has been seen “in the wild” (namely, being present on computing devices used by the general public in their professional and personal lives).

Initially, very few anti-malware vendors on the VirusTotal website had a signature for this variant (3), but this has since increased significantly to 32 (out of a possible 57) vendors (at the time of writing).

Moreover, this malware arrives within spam email, which begins the download of the complete malware package. Once the malware has encrypted your files, you will be unable to retrieve them, since the encryption is well-implemented (i.e. has no implementation flaws). Recovering the files from a backup is the best option. Paying the ransom doesn’t necessarily mean you will be able to retrieve your files.

How Can I Protect Myself From This Malware?
The advice within my previous posts on ransomware still applies. Emsisoft again emphasized the importance of backing up your files to avoid the loss of your data from these kinds of infections. Their advice on how to access/use your backup after it’s been created may also be of assistance to you.

I hope that you find the above information useful in preventing infection from this malware and/or recovering from an infection.

Thank you.
