Skip to main content

Email Attachments With Java Script Pose Ransomware Threat

By July 4, 2016May 25th, 2021Blog, Cybersecurity

EmailXAttachmentsXWithXJSXPoseXRansomwareXThreatThe hacking community is at it again, and they’ve once more upped the ante. It wasn’t long ago that ransomware called Ransom32 that was partially written in NodeJS, but delivered via an executable file, had been the norm, that is until now. Now though, there’s a new threat. The ransomware is called RAA, and is written entirely in Java Script, no executable required.

Java has had a string of highly publicized security issues in recent months, and this adds to that growing list. This strain of ransomware can target files with the following extensions:

  • Doc
  • Xls
  • Rts
  • Pdf
  • Dbf
  • Jpg
  • Dwg
  • Cdr
  • Psd
  • Cd
  • Mdb
  • Png
  • Lcd
  • Zip
  • Rar
  • CSV

Typically delivered via email, and disguised as a word doc, an observant recipient will note that it has the .js extension, rather than the typical .doc extension. When clicked, the software will scan the device the user clicked the file from, and then search those drives for any files with the extensions mentioned above. These will be locked, and appended with the *.locked extension. The user will be informed that the only way to get access to their files back is to pay a ransom.

Unfortunately, it gets worse. The software also scans for, and deletes the Windows Volume Shadow Copy Service (VSS), so that it’s not possible to recover files via this method.

This is but the latest in an evolving series of threats that are making ransomware in general more dangerous than ever. If it’s been a while since your employees have had security training, especially training that relates to suspicious emails, now is the time to consider putting that front and center as a priority. The number of ransomware attacks has spiked considerably in 2016, and given the rapid pace of change on this front, we can expect that trend to continue. Be sure you’re as ready as you can be to face the growing threat.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.