Ransom32 Is a JavaScript-Based Ransomware That Uses Node.js to Infect Users

A new ransomware family has been spotted, the first of its kind: it is written in JavaScript and built on top of the NW.js platform.

According to Emsisoft’s Fabian Wosar, a new ransomware family that goes under the name of Ransom32 is using the NW.js platform for infiltrating the victims’ computers, and then locking their files.

As Mr. Wosar told Softpedia, Ransom32 is currently distributed only via spam email campaigns. This is a classic method of distributing malware of any type, not just ransomware, and is not unique to Ransom32.

http://news.softpedia.com/news/ransom32-is-a-javascript-based-ransomware-that-uses-node-js-to-infect-users-498342.shtml


Verizon Accused of Helping Cybercriminals by Routing Millions of Stolen IP Addresses

Verizon has some explaining to do: a recent report from The Spamhaus Project accuses the company of aiding cybercriminals by routing over four million stolen IP addresses through its network.

The Spamhaus Project is an international non-profit organization that has for years maintained a spam blacklist and collaborated with law enforcement agencies to track down spammers and some of the Internet’s largest spam operations.

As Spamhaus representative Barry Branagh explains, the exhaustion of the IPv4 address space has pushed cybercriminals to hijack address ranges that belong to organizations that are not using them, or that have never announced routes for them.

“Setting up a route” means an ISP announcing to other ISPs (via BGP) that a particular IP address block is reachable through its network. While spammers have found it easy to steal IP blocks or buy them on the black market, announcing a route normally requires registering as an Autonomous System (AS) and obtaining an Autonomous System Number (ASN).

Because Verizon’s process for setting up a new ASN is relaxed, cybercriminals have found it easy to submit forged documents to the company and have it route their stolen address blocks through its network.

Using this approach, Mr. Branagh says, over 4 million IP addresses have been routed through Verizon’s network and later used to spam users via the “snowshoe” technique, in which spammers spread their sending across many addresses in many locations so that no single source sends enough to trip volume- or reputation-based filters.
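The defence against exactly this kind of hijack is to check the origin of every BGP announcement against what the address holder has authorised. The following is an added example, not code from Spamhaus, Verizon or the Softpedia article: a simplified route-origin validation in the spirit of RFC 6811 (valid / invalid / notfound with a maxLength rule), run over a constructed table of authorisations (ROAs), constructed announcements, and a constructed set of prefixes previously seen in the routing table. The ASNs, prefixes and the `previously_routed` history are all made up for illustration.

```python
"""Route-origin validation over constructed BGP announcements (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # address block the holder has authorised
    max_length: int   # longest prefix length that may be announced from it
    origin_asn: int   # the only ASN allowed to originate it


def validate(announced_prefix, origin_asn, roas):
    """RFC 6811-style check: 'valid' if some covering ROA matches the origin
    ASN and the prefix is not more specific than max_length; 'invalid' if
    ROAs cover the prefix but none match; 'notfound' if nothing covers it."""
    net = ipaddress.ip_network(announced_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if roa.origin_asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "notfound"


def audit(announcements, roas, previously_routed):
    """Classify each (prefix, origin_asn) pair and annotate the two cases the
    article describes: an origin nobody authorised, and dormant space that
    has no ROA and has never been routed before (ask for a real LOA)."""
    report = []
    for prefix, asn in announcements:
        status = validate(prefix, asn, roas)
        if status == "invalid":
            note = "origin or prefix length not authorised by any covering ROA"
        elif status == "notfound" and prefix not in previously_routed:
            note = "no ROA and never previously routed: dormant space, verify the LOA"
        else:
            note = ""
        report.append((prefix, asn, status, note))
    return report


# Constructed data: documentation/benchmark ranges and private-use ASNs.
ROAS = [
    ROA("192.0.2.0/24", 24, 64500),
    ROA("198.51.100.0/24", 25, 64501),
    ROA("203.0.113.0/24", 24, 64502),
    ROA("2001:db8::/32", 32, 64500),
]
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),      # legitimate
    ("198.51.100.0/25", 64501),   # legitimate, within max_length
    ("198.51.100.0/26", 64501),   # right holder, but too specific
    ("203.0.113.0/24", 64999),    # hijack: an ASN nobody authorised
    ("198.18.0.0/15", 64999),     # dormant block with no ROA, never routed
    ("2001:db8::/48", 64500),     # right holder, but more specific than allowed
]
PREVIOUSLY_ROUTED = {"192.0.2.0/24", "198.51.100.0/25"}

if __name__ == "__main__":
    for prefix, asn, status, note in audit(ANNOUNCEMENTS, ROAS, PREVIOUSLY_ROUTED):
        print(f"{prefix:<18} AS{asn:<6} {status:<9} {note}")
```

Real deployments pull ROAs from the RPKI repositories via a validator rather than a hand-written list, and the "never routed before" signal comes from route-collector history; the classification logic itself is the same.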

http://news.softpedia.com/news/verizon-accused-of-helping-cybercriminals-by-routing-millions-of-stolen-ip-addresses-498819.shtml


Confirmation of a Coordinated Attack on the Ukrainian Power Grid

After analyzing the information that has been made available by affected power companies, researchers, and the media, it is clear that cyber attacks were directly responsible for power outages in Ukraine. The SANS ICS team has been coordinating ongoing discussions and providing analysis across multiple international community members and companies. We assess with high confidence, based on company statements, media reports, and first-hand analysis, that the incident was due to a coordinated, intentional attack.

The attackers demonstrated planning, coordination, and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the electricity distribution infrastructure, and attempt to delay restoration by wiping SCADA servers after they caused the outage. This attack consisted of at least three components: the malware, a denial of service against the phone systems, and the missing piece of evidence, the final cause of the impact. Current evidence and analysis indicate that the missing component was direct interaction from the adversary and not the work of malware. In other words, the attack was enabled via malware but consisted of at least three distinct efforts.

https://ics.sans.org/blog/2016/01/09/confirmation-of-a-coordinated-attack-on-the-ukrainian-power-grid


This entry was posted in Weekly Newsletter.