New Ransomware ‘Undecryptable’

Wednesday, June 15, 2016 @ 03:06 PM gHale

A new ransomware family called RAA uses only JavaScript code to infect computers and encrypt their data, researchers said.

RAA is not the first JavaScript-based ransomware piece, but it is the first that relies 100 percent on JavaScript to infect computers.

Ransom32 is the first ransomware family written in JavaScript, but Ransom32 was coded in Node.js and attackers still distributed it as an executable, said Emsisoft security researcher Fabian Wosar, who found the malware.

Attackers attach the RAA .js file to spam email, disguising it to look like an Office document. Some users might download and execute this file.

The malicious JavaScript code contained in the email attachment is obfuscated to deter security researchers from reverse-engineering its source.

On most computers, this code runs via the Windows Script Host (WSH), which executes its commands system-wide, giving the malicious script access to system utilities.
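A mail-gateway check for the delivery method described above, as an added example that is not part of the original article: it flags attachments that Windows Script Host would execute and notes when the name or declared type imitates an Office document. The Office hint tokens and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# File extensions that Windows Script Host runs on double-click.
WSH_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Assumed tokens that make a script name look like an Office document.
OFFICE_HINTS = {"doc", "docx", "rtf", "xls", "xlsx", "ppt", "pptx"}
OFFICE_TYPES = ("application/msword", "application/vnd.ms-", "application/vnd.openxml")


def flag_script_attachments(raw_message: bytes) -> list[dict]:
    """Return one finding per attachment that WSH would execute."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows drops trailing dots and spaces when saving, so
        # "scan.JS." lands on disk as "scan.JS" and still runs in WSH.
        effective = name.lower().rstrip(". ")
        stem, dot, ext = effective.rpartition(".")
        if not dot or "." + ext not in WSH_EXTS:
            continue
        tokens = set(re.split(r"[^a-z0-9]+", stem))
        declared = part.get_content_type()
        findings.append({
            "filename": name,
            "extension": "." + ext,
            "office_lure": bool(tokens & OFFICE_HINTS) or declared.startswith(OFFICE_TYPES),
            "declared_type": declared,
        })
    return findings


def build_sample() -> bytes:
    """Constructed test message; attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("See attached.")
    for fname, subtype in [("invoice_doc_.js", "msword"),
                           ("report.docx", "octet-stream"),
                           ("scan.JS.", "octet-stream")]:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype=subtype, filename=fname)
    return msg.as_bytes()
```

Findings with `office_lure` set are the closest match to the disguise the article describes; quarantining every WSH-executable attachment regardless of that flag is the stricter policy.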

The JS file will also create a fake Word document and open it. The file contains random files to fool users into thinking it is a corrupted document.

The RAA payload includes the CryptoJS library. This JavaScript toolkit adds support for cryptographic functions in JavaScript. CryptoJS allows RAA to encrypt user files.

The same RAA payload also contains a base64-encoded version of the Pony infostealer. This malware family can collect browser passwords and other information from a PC. Pony is usually used for reconnaissance, so crooks get a better overview of the infected system. Often, Pony goes hand in hand with banking Trojans, but this behavior was not observed for RAA infections.

RAA only encrypts 16 file types and then displays its ransom note.

The ransomware asks for $250 in bitcoin as payment, claims to use AES-256 encryption, and asks users to contact the malware author via email to receive their decryption keys. RAA is currently undecryptable, said Lawrence Abrams at Bleeping Computer in a blog post.



Copyright © 2019 isssource.com