Posts tagged Ransom32

Ransom32 currently targets Windows but can easily be repackaged to affect Mac and Linux operating systems as it is based on JavaScript. It uses the NW.js (formerly node-webkit) framework designed for web and desktop applications to infect victims and spreads via spam containing a malicious compressed 32 MB RAR file. Once a system is infected, Ransom32 creates a shortcut named “ChromeService” in the Startup folder to maintain persistence.

Read More