Most people have come to trust JavaScript as it is found all over the internet. Unfortunately, someone has taken advantage of that and has created a JavaScript scam that is making its rounds around the Internet and causing a lot of harm.
The scam is being sent by email and it has essentially been tricking users to install a JavaScript based download. While this may seem like it is harmless, the download will then install ransomware that will encrypt all files on a PC by force. A warning has been released by the FBI that states all individuals should watch out for emails with JavaScript attachments. One thing to look out for in particular are pure JavaScript files with a .js or .jse extension. It is uncommon for those to be sent by email and should raise your suspicions. To be on the safe side, never open these files or attachments.
There is no report from Microsoft as of yet that details of just how many people have fallen victim to this scam. However, Microsoft has released information that has indicated a rise in these kinds of malicious downloads that are seemingly written by JavaScript. The three that they have seen an increase in are Locky, Nemucod, and Swabfex. These are found in the email scam and attackers are utilizing interesting sounding names for these attachments. A common one is a financial document scheme. If the users fall for it, they expand a .zip or .rar file that contains the malicious JavaScript. If they click on the file to download it, the Javascript will be downloaded to their PC and all files will become encrypted.
This ransomware that is going around the internet will encrypt the files on said PC and then demand a ransom payment so the user can get the decryption key. The payment is requested in bitcoins. At this point, if you have the ransomware on your PC, you have three separate options: wipe the system, restore to a recent backup or pay the ransom. However, if you do not yet have this issue, the best way to protect yourself is by taking precautions. There are a few things you can do to protect yourself, your PC and your organization which include:
- Educate yourself and others about the threat
- Never open email attachments that are files that end in .js and .jse
- Disable macros in office programs
- Set group policy settings to disable macro loading
- Set up email gateways to scan for malicious code and block it from getting any further
- Use anti-malware and anti-spyware software that is up to date and fully patched
- Utilize offline backups of your systems so that you can revert back to an older backup in the case of infection
There are a lot of different scams out there on the Internet. The best way to protect yourself from a variety of threats, and not just this one, is to put into place some form of protection and safe guards. This is especially important for organizations to take every precaution possible to protect their business. This includes finding a reputable protection software and maintaining it on all devices, as well as educating all employees of potential threats and how to avoid them. As with this scam, the most common forms of cyberattacks start with an email that tricks people into clicking and downloading attachments. At the end of the day, you should never open an email attachment unless you requested that someone send it to you and you trust the source.
