We’ve already seen ransomware take on many forms this year, but researchers this week claim they’ve noticed a new strain unlike any they’ve seen prior–a type composed entirely of JavaScript. The ransomware, dubbed RAA by researchers, has been circulating through attachments masquerading as Word .doc files according to Lawrence Abrams, who wrote about the malware late Monday night on his site BleepingComputer.com.
Initially discovered by two security researchers, @JAMES_MHT and @benkow_, RAA encrypts files using code from CryptoJS, an open source library that’s easy to use and handles cipher algorithms like AES, DES, and so on. In this instance, RAA scans victims’ machines and encrypts select files with AES-256.
Original Source: ThreatPost
View the full story here