Blue Hexagon Blog

Ransomware Families – Ransom32

Ransom32 was first discovered in 2016 and is one of the first Ransomware-as-a-Service (RaaS) offerings to be developed in JavaScript.

What makes Ransom32 unique is that it can be repackaged to infect Windows, Linux and macOS.

Because it is offered as a RaaS, attackers sign up through Tor and set a Bitcoin wallet address, after which the configuration panel unlocks. The configured ransomware is then downloaded as a self-extracting archive.

When the archive is opened, a packaged JavaScript file is loaded and files on the machine are encrypted using AES encryption.
