We know all too well how relentless cybercrooks and hackers are when it comes to concocting the latest and most aggressive forms of malware. Each and every day a plethora of new malware threats are created. Some are harmless annoyances, while others are destructive monsters that devour files on an infected computer.
We knew and predicted that the New Year would usher in several new and aggressive malware threats sporting advanced infection methods that we have never seen before. However, we didn't expect such threats to emerge within the first few days of 2016.
JS.Crypto Ransomware is a first-of-its-kind threat. First identified by victimized computer users reporting on popular security forums, JS.Crypto, or Ransom32, was found to only target Windows computers. After security researchers dug deeper into the functions of JS.Crypto Ransomware, they concluded that the threat uses the NW.js framework, which allows an application to be written once and used across multiple operating systems or platforms. Essentially, JS.Crypto Ransomware may not only infect machines running Windows but also ones running Mac OS X and Linux.
The fundamentals and victim-facing user interface of JS.Crypto Ransomware are not much different from those of other recent crypto-type ransomware threats. The threat will encrypt files and offer the computer user a method of decryption for a ransom fee. One of the differences is that JS.Crypto Ransomware is offered as ransomware-as-a-service, which allows negotiation of the percentage cut the Tox ransomware developer gets for each paying victim. What this means is that the JS.Crypto Ransomware authors will want a cut of the ransom payments.
Currently, the JS.Crypto Ransomware (Ransom32) threat is spread through clever spam email message attachments. Many of the cybercrooks running the campaigns that spread JS.Crypto Ransomware are using a hidden server on the Tor network, where they may be able to obtain a customized JS.Crypto Ransomware threat tailored to their specific attack methods.
One of the apparent issues with JS.Crypto Ransomware, which may lead to its slow spread rate, is its massive file size of 32 MB. At such a large size, many potential victims may decide against downloading the attachment. Most ransomware threats are sized around only 1 MB, which is small enough not to draw any suspicion from potential victims. So far, this major shortcoming has kept JS.Crypto Ransomware in check, and it has not propagated as fast as other ransomware threats we have seen in the recent past. However, the potential for JS.Crypto Ransomware to be customized and upgraded is there, which may eventually lead to widespread infections.