New ransomware method to worry about

Image Credit:

(Header image credit:

Over on security blog Bleeping Computer, there is a post about a new type of ransomware that presents a triple threat. Known as RAA, what makes this one different is that instead of using an .exe attached to an email which would pop up an alert when a user tried to run it, this one is written entirely in JavaScript, a language often used to encode and provide functionality for web pages, and if a user runs something written in JS it likely would not pop up any alerts, and the damage would be done before you knew it.

In this case, as the linked blog post indicates, when run, the ransomware pops up a fake document that looks like it’s corrupted, then scans folders for files it can lock (appending the extension of .locked to their filenames). Then, it pops up an alert written entirely in Russian explaining that for the bitcoin equivalent of $250 (.39 bitcoins), they will send you the unlock key. As long as it’s running, it will lock any new documents you create as well.

The file types it targets are:

.doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr,
.psd, .cd, .mdb, .png, .lcd, .zip, .rar, .csv

Oh yes, it also installs a password-stealing program.

I’ve said it countless times to countless people and I’ll say it again here; don’t run email attachments from senders you don’t know know, and be very careful about running ones from people you do. I’ve received emails with attachments from friends that I could tell weren’t *really* from them, so any attachments you get should at least be checked out via a simple web search or a confirmation email asking if they really sent it. If they take issue, they’re not really your friend!

Sound, valid relationship advice from Dr. D.