Google Rating

Javascript-coded ransomware strain discovered

Researchers have discovered a brand new strain of ransomware unique due to the fact it is coded entirely in Javascript, vastly increasing the chances of it being activated. While the majority of executable program files trigger security warnings from Windows or require an administrator access to run, Javascript documents can slip into a system without being detected on many computers.

The new malware, named RAA, has been disguised as a document and immediately begins encrypting files when opened. The new approach sees victims sent emails that if opened on a Windows machine, use the system’s script host to run its code – something that is expected to trick many people into allowing the malware to infect their computer.

More traditional malware comes in executable programs such as an .exe or .bat file, which would automatically be screened and then blocked by the operating system. The new malware, though, goes undetected, with Windows allowing .js files to run on their systems – potentially opening up millions of people and businesses to the risk of being hacked.

After gaining entry, the ransomware then goes about encrypting the victim’s files before displaying a ransom note written in Russian, demanding a fee of £171 for the restoration of all the system’s files. This method has become increasingly popular with cyber criminals, with Microsoft coming out in April to reveal they had seen an increase in malware being spread to its systems using Javascript email attachments.

Measures to take

The most obvious method to protect yourself from attack is by taking the security measures available, utilising technologies such as anti-virus, web filtering and firewalls. Most ransomware is delivered via email, typically delivered via email opportunistically and the typical overall themes are shipping notices from delivery companies. The best way to avoid this type of malware is by not opening any unknown attachments from emails, particularly those with a .js extension.

Your company should also have a secure back-up policy, although in order for a back-up to properly work, it needs to be “serialised”, with older versions of files available in case newer versions have been corrupted or encrypted. It’s also sensible to back-up your data in an offline environment, with most ransomware attempting to attack the network and connected devices. The final piece of advice to protect against malware is to restrict your employees’ privileges online, making it easier to monitor user activity.

To make sure your business is safe from cyber criminals and malware, call our team on 01462 417070, or email