Ransom32: JavaScript ransomware-as-a-service

The security researchers at Emsisoft have got a good write-up of Ransom32, a newly-discovered piece of ransomware.


Ransomware, of course, is nothing new. For some time computer users have been plagued with malware which encrypts their files or blocks access to devices, with demands that X number of bitcoin be paid for their release.

Ransom32 is not even different because it is “ransomware-as-a-service”, online software that effectively puts the power to create ransomware into the hands of just about anyone – regardless of their technical know-how – if they are prepared to pay the price. Sadly, ransomware-as-a-service is nothing new.

Sign up to our free newsletter.
Security news, advice, and tips.

What makes Ransom32 rather more interesting is that it is coded entirely using JavaScript, and as a consequence could be used to target not just Windows computers, but also those running Mac OS X and Linux.

By turning their ransomware into a sellable service, the criminals behind Ransom32 are providing an opportunity for other hackers to easily launch attacks that will encrypt users documents, personal photographs, movies and more… and then demand payment via anonymous Bitcoin to ensure the safe return of the otherwise unrecoverable data.

In other words, rather than build their own infrastructure, attackers can let Ransom32 do all the heavy lifting for them.

Showing entrepreneurial spirit, the creators of Ransom32 skim off 25% of any money successfully extorted for themselves.

Presently the attack appears to have been distributed via email, so once again users are advised to exercise great caution over what they run on their computers – especially if it arrives via unsolicited email.

Of course, it’s always sensible to ensure that you have backups of your important data – so that if the worst should happen you can recover without having to pay any money to the extortionists.

As is often the case, the oldest rules of safe computing are often the wisest. Back up your important data, as it’s better to be safe than sorry. I believe that online extortion will be a growing problem in 2016, so take steps to minimise the risks now.

Learn more about Ransom32 on the Emsisoft blog.

Hit by ransomware

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Ransom32: JavaScript ransomware-as-a-service”

  1. Tan

    So the recommended way to deal with ransomware is to refresh my PC? Is that way to remove it? Sometime thing like this may happen to people who didn't do backup, then they have to choose between paying the money or losing their data.

    1. Simon · in reply to Tan

      And in some cases, paying a ransom doesn't necessarily guarantee their files back either.

      Paying them only encourages their behaviour…

      It's unfortunate for those who are not tech savvy, who are unlikely to have any form of backup and are also aware that these things happen.

      Those who aught know better have no excuse for not being proactive.

      1. No name · in reply to Simon

        Simon, Good. If you get a virus, you should take it to your local tech shop. For me, it's tech guru.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.