Dorchester IT Blog

Everything You Need to Know About Super Virus Ransom32

by Jason Fletcher | Jun 13, 2017

With all the talk in the media lately about the latest ransomware outbreak, let’s take a look at a more unusual variant of this kind of threat to computer networks: Ransom32.

So what makes this variant so interesting? At first glance it looks like any other ransomware out there. It shows no worm-like behaviour: it does not use a leaked NSA exploit to spread itself to every computer on the network the way the recent outbreak did. Ransom32 actually seems very ordinary.

That is, until you start looking under the hood. One of the major differences from other crypto viruses is the file size. This one weighs in at around 22MB, where we typically see ransomware with a file size of well under 1MB. You might still be saying “so what?” The virus is a little bigger than normal, who cares? It still encrypts my data and holds it to ransom.

The funny thing about the file size is that it is a hint as to what language the virus was written in. Ransom32 was the first ransomware reported to be coded in JavaScript, and because JavaScript cannot run on its own outside a browser, the package has to carry a complete JavaScript runtime (NW.js) alongside the actual malicious script, which is where most of those 22MB come from. JavaScript is generally seen as a web technology: it is the language behind the pretty UIs and slideshows on all the websites we love.

So why did the creators choose JavaScript? Because the bundled runtime is available for Windows, Mac and Linux, the same source code could be repackaged to run on any of those operating systems. To date only the Windows build has been seen in the wild, but nothing in the code itself ties it to Windows.

The other interesting part of the Ransom32 story is that it is sold as Ransomware as a Service (RaaS), the criminal take on the Software as a Service model. Wannabe hackers navigate to a Tor website, give the creators a Bitcoin address to receive payments, and in return hand over 25% of all the ransom money their infections bring in. So instead of one virus spread by one gang, we have one virus being distributed by a large group of people, each running their own campaigns.

With all that said, I won’t go into too much detail about how this virus works behind the scenes. It still reaches the end user the same way, through an email attachment or a malicious website, and we can prevent the infection by not clicking on everything that shows up in our inboxes. With the current coverage of the latest crypto virus, it is also a good time to remind people that there is more than one kind of ransomware out there. They are constantly evolving to find the best way to get at all your files.

Not all is lost; there are things we can do to stop an infection. The cheapest and easiest defence against a virus of this nature lies with the end user. The people behind these viruses rely on manipulating the user into executing the virus for them. All it takes is a five-second pause before opening an “attachment” from the post office or clicking a link from the federal government. Next time you get one of these emails, ask yourself: did I actually order something? And why would the federal government have my email address when I never gave it to them?

The other good news is that antivirus companies are getting better at combating these kinds of threats. They are realising that the traditional signature-based way of detecting viruses isn’t enough on its own, which matters for something like Ransom32, where every affiliate can repackage the same code. One company taking a different look at the problem is Sophos, whose Intercept X product is designed specifically to catch ransomware by its behaviour rather than its signature. It is also able to restore files to the state they were in just before the encryption started, even if a crypto locker does get through.
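To make the “detect by behaviour, then roll back” idea concrete, here is a small added example (my own toy code, not Sophos’s implementation and not anything from Ransom32). A hypothetical monitor sits in front of file writes: it caches a file’s previous bytes before a process overwrites it, and if one process turns too many readable files into high-entropy (encrypted-looking) blobs within a short window, that process is blocked and every file it touched is restored from the cache. The scenario, the file names, the process IDs and the thresholds are all constructed for the demo.

```python
import math
import random
from collections import defaultdict, deque


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: plain text sits around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class RollbackMonitor:
    """Hypothetical behaviour-based ransomware guard (added example, not a vendor's code).

    Each overwrite of an existing file is intercepted: the old content is cached
    per (pid, path) before the new bytes land. A process that replaces too many
    low-entropy files with high-entropy content inside the window is blocked and
    its overwrites are rolled back from the cache.
    """

    def __init__(self, max_files=5, window_s=10.0, entropy_threshold=7.0):
        self.max_files = max_files
        self.window_s = window_s
        self.entropy_threshold = entropy_threshold
        self.files = {}                   # simulated filesystem: path -> bytes
        self.backups = {}                 # (pid, path) -> bytes before first overwrite
        self.events = defaultdict(deque)  # pid -> timestamps of suspicious overwrites
        self.blocked = set()

    def write(self, ts, pid, path, data):
        """Apply a write; return 'allowed', 'flagged' (blocked + rolled back) or 'blocked'."""
        if pid in self.blocked:
            return "blocked"
        original = self.files.get(path)
        if original is not None and (pid, path) not in self.backups:
            self.backups[(pid, path)] = original
        self.files[path] = data
        if original is None:
            return "allowed"  # creating a brand-new file is not the pattern of interest
        # Tell-tale transition: readable content replaced by encrypted-looking content.
        if shannon_entropy(original) < self.entropy_threshold <= shannon_entropy(data):
            window = self.events[pid]
            window.append(ts)
            while window and ts - window[0] > self.window_s:
                window.popleft()
            if len(window) >= self.max_files:
                self.blocked.add(pid)
                self.rollback(pid)
                return "flagged"
        return "allowed"

    def rollback(self, pid):
        """Restore every file this pid overwrote; returns how many were restored."""
        restored = 0
        for key in [k for k in self.backups if k[0] == pid]:
            self.files[key[1]] = self.backups.pop(key)
            restored += 1
        return restored


def run_demo():
    """Constructed scenario: a legitimate editor saves one document, then a second
    process rewrites every document with random (ciphertext-like) bytes."""
    monitor = RollbackMonitor()
    originals = {f"docs/report{i}.txt": (f"Quarterly report {i}\n" * 40).encode()
                 for i in range(8)}
    monitor.files.update(originals)
    edited = b"Quarterly report 0 (revised)\n" * 40
    legit = monitor.write(ts=0.0, pid=100, path="docs/report0.txt", data=edited)
    rng = random.Random(1234)  # deterministic stand-in for encrypted output
    outcomes = []
    for i, path in enumerate(originals):
        blob = bytes(rng.getrandbits(8) for _ in range(4096))
        outcomes.append(monitor.write(ts=1.0 + i * 0.1, pid=666, path=path, data=blob))
    return {
        "legit_edit": legit,
        "ransom_outcomes": outcomes,
        "blocked": 666 in monitor.blocked,
        "files": monitor.files,
        "edited": edited,
        "originals": originals,
    }


if __name__ == "__main__":
    result = run_demo()
    print("legitimate edit:", result["legit_edit"])
    print("ransomware writes:", result["ransom_outcomes"])
    for path, content in result["files"].items():
        print(path, "entropy %.2f" % shannon_entropy(content))
```

In the demo the editor’s save is allowed and survives, the fifth high-entropy overwrite trips the threshold, the first five documents come back from the cache (report0 as the edited version, since that is what it held at the time) and the remaining writes are refused. A real product does this at the filesystem driver level and has to cope with legitimate high-entropy writes such as saving a compressed archive; a threshold on the number of files per window, as here, is one of the usual ways to keep that from triggering a block.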

If you would like to know more about how you can secure your network against this kind of attack, please contact us. One of our highly trained consultants can discuss a plan that will fit your needs.
