Beware new javascript ransomware

Please consider donating to Behind the Black, by giving either a one-time contribution or a regular subscription, as outlined in the tip jar to the right. Your support will allow me to continue covering science and culture as I have for the past twenty years, independent and free from any outside influence.

A new ransomware attack, designed to kidnap your computer and demand money from you before releasing it, has been written entirely in javascript and is thus more dangerous because many email programs, like Gmail, will not block the running of the .js file.

The bottom like is always the same: Don’t run attachments sent to you unexpectedly, even from friends. Check with them to confirm that they meant to send it, and if they don’t confirm, delete it.

I could also label this story as another reason I don’t use gmail, but that really is a different story entirely.


  • NormD

    I thought the JavaScript language does not have access to the files on a computer. There are no file open/read/write/close primitives.

    Forget about ransomware, if any JavaScript program can access your files it can steal anything.

  • m d mill

    Thanks for the tip!!
    The computer related blogs lately have been helpful

  • Stay tuned! I hope to have a regular series of very worthwhile computer tips relating to Linux in the near future.

  • Michael

    It is true that javascript cannot access files but maybe the .js file acts as a carrier for something else.

  • Gene


    I am thinking about buying a email address.

    Who do you use for email service?


  • I use a forwarding service provided by the professional science journalism trade organization that I belong to. This is not an option for you.

  • wayne

    What type of email address are you interested? (what features?)

    Gmail, Outlook (Microsoft), and a number of other free email providers do scan your email for key-words & targeted adverts.
    (These services are “free,” and that is the trade-off.)

    The Reagan dot com folks pledge not to scan your email for advertising purposes, and that’s the major feature they offer. They will however, turn your email over to the Feds, if they are required to do so by Law. All providers are subject to that, unless they are off-shore.

  • mivenho

    I’m not a computer guy, but I notice that Chrome offers the option, under “Content settings”: “Do not allow any site to run JavaScript” (with an option to exclude selected sites).

    Would this eliminate the Gmail vulnerability for Chrome users?

Leave a Reply

Your email address will not be published. Required fields are marked *