January 4, 2016
Crimeware services are nothing new. Criminals for years have advertised on the underground not only malware, but management services and support for banking Trojans, exploit kits and more.
Researchers this week turned up a new ransomware-as-a-service operation that pushes the first ransomware coded entirely in JavaScript. Ransom32 is available for download on a Tor hidden server to anyone with a Bitcoin address. The malware packaged into a Chromium executable using NW.js. The malware looks for and encrypts dozens of file types and asks for a ransom payable in digital currency; Ransom32’s creators get a 25 percent commission on every transaction.