Latest Ransomware Now Hidden Within Javascript

When it comes to viruses Ransomware is particularly nasty. With thousands of users being affected by the latest in cyber crime, it often costs people hundreds to gain access to their family photos and legal documents all thanks to the newest of malware. It would now seem that ransomware creators are getting smarter, with the latest strain of the despicable code being hidden within Javascript, creating all kinds of nightmares for users.

The new malware is titled RAA and hides by assuming the form of a document, the opening of which triggers the encryption process. The problem with this approach, an alternative to the classic of sneakily downloading and installing the virus without anything from the user, is that people often open up emails and will, without a second thought, open an attachment.

Discovered by Benkow and JamesWT, the titles for two security researchers, RAA is sent via an email and runs using the “Windows-based script host”. The flaw comes as Windows allows javascript files (.js) to run automatically, while .exe or .bat files are filtered and checked by windows, often asking the user to authorize their execution. Fail to catch RAA before it encrypts your files and you’ll be met with a ransom note in Russian, demanding $250 (around £171) to get your files back.

You should always be careful with email attachments, only opening them if you are expecting the document and recognise its source. If you weren’t expecting the document then check with its sender what it is and if you or they can’t remember what it is, don’t open it.