Ransom32

A new ransomware-as-a-service has appeared that is written in JavaScript and is able to infect Mac, Windows, and Linux. This new ransomware has been dubbed Ransom32, and it is the first one to infect all three operating systems. Ransom32 allows its operators to deploy the malware very quickly and easily. It is easy to use and comes with a dashboard that lets the operators designate a custom Bitcoin address to which the ransom is sent. In short, this new ransomware-as-a-service is so simple, and efficient at the same time, that anyone can download and distribute their own copy of the ransomware executable as long as they have a Bitcoin address. Ransom32 was first analyzed by Emsisoft, who found that the new ransomware is embedded in a self-extracting WinRAR archive and uses the NW.js platform for infiltrating the victims' computers.

How Does Ransom32 Work?

The malware is placed inside a malicious file attached to emails masquerading as delivery notifications and unpaid invoices. The moment it was installed and launched, Ransom32 connected to a command-and-control (C&C) server on the Tor network. It then displayed a ransom note and the Bitcoin address where victims are supposed to pay to recover their files.

Currently, Wosar has only seen Ransom32 as a Windows attack vector; however, the NW.js framework can run on all three major operating systems.

How to Protect Yourself from Ransomware Threat?

Here are some ways to protect yourself from Ransom32:

  • Always keep regular backups of your important data.
  • Make sure you run an active anti-virus security suite of tools on your system.
  • Do not open email attachments from unknown sources.
  • Most importantly, always browse the Internet safely.