Tuesday, June 21, 2016

Pure JS Ransomware

Sophos posted details of a new ransomware sample that operates entirely in JavaScript.

Unlike the recent rash of malicious JavaScript files, this script does not rely on the introduction of a malicious binary. Sophos titled the malware "JS/Ransom-DDL".

This type of malware can be dangerous if you have never considered JavaScript as a possible attack vector. Without a binary to detect, inspect, or observe, some advanced malware defense tools will be useless.

Fortunately, this type of threat should also be easy to address - with a little preparation.

  • Treat JavaScript email attachments like binaries: prevent delivery.
  • Change the .JS file association so that it no longer opens with Windows Script Host.
  • If you are not using it, disable Windows Script Host.
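
One way to check and apply the last two mitigations on a Windows host, as an added example that is not from the original post, Sophos, or Microsoft. It reads the Windows Script Host `Enabled` registry value and the machine-wide .js open command, and only changes them when run elevated with `-Apply`; the parameter and function names and the choice of Notepad as the replacement handler are assumptions.

```powershell
# Added example: audit by default; pass -Apply from an elevated prompt to harden.
param(
    [switch]$Apply,
    [string[]]$Extensions = @('.js'),   # the extension named in the post
    [string]$SafeHandler = "$env:SystemRoot\System32\notepad.exe"   # assumption: open as text
)

$wshKey = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

function Test-WshEnabled {
    # WSH runs scripts unless the "Enabled" value exists and equals 0.
    $v = (Get-ItemProperty -Path $wshKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    ($null -eq $v) -or ("$v" -ne '0')
}

function Get-OpenCommand([string]$Ext) {
    # Extension -> ProgID -> shell\open\command, machine-wide (HKLM\SOFTWARE\Classes).
    $classes = 'HKLM:\SOFTWARE\Classes'
    $progId = (Get-ItemProperty -Path "$classes\$Ext" -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) { return }
    $cmdKey = "$classes\$progId\shell\open\command"
    $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Extension = $Ext; ProgId = $progId; Key = $cmdKey; Command = $cmd }
}

if ($Apply) {
    # Create the key only if missing: New-Item -Force on an existing key wipes its values.
    if (-not (Test-Path $wshKey)) { New-Item -Path $wshKey -Force | Out-Null }
    New-ItemProperty -Path $wshKey -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
    foreach ($ext in $Extensions) {
        $a = Get-OpenCommand $ext
        if ($a -and $a.Command) {
            # Replace the script-host handler with a viewer so a double-click shows the text.
            Set-ItemProperty -Path $a.Key -Name '(default)' -Value "`"$SafeHandler`" `"%1`""
        }
    }
}

# Report the resulting state; a per-user "Open with" choice can still override HKLM.
"Windows Script Host enabled (HKLM): $(Test-WshEnabled)"
foreach ($ext in $Extensions) {
    $a = Get-OpenCommand $ext
    if (-not $a) { "${ext}: no machine-wide association"; continue }
    $risky = $a.Command -match '\b(wscript|cscript)\.exe'
    "{0} -> {1} -> {2}  [{3}]" -f $a.Extension, $a.ProgId, $a.Command,
        $(if ($risky) { 'RUNS IN WSH' } else { 'ok' })
}
```

Run it without arguments first to record the current state, since disabling Windows Script Host also stops any legitimate .js or .vbs administration scripts on that machine.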


SOURCE:
Sophos: Ransomware that’s 100% pure JavaScript, no download required

SEE ALSO:
Microsoft: Disabling Windows Script Host

1 comment:

  1. Interesting post about pure JavaScript ransomware. It’s fascinating—and a bit alarming—how scripting languages like JavaScript can be used to create real security threats. Researchers have shown that some ransomware strains can run entirely as JavaScript scripts, encrypting files without downloading additional executables. For developers who want to understand programming and cybersecurity better, training like **Java course Chennai**, **Python course**, **Data science course**, **Data analyst course**, **Full stack development**, and **UI/UX course** from Login360.in can help build strong technical skills.
