Beware new javascript ransomware
A new ransomware attack, designed to kidnap your computer and demand money from you before releasing it, has been written entirely in javascript and is thus more dangerous because many email programs, like Gmail, will not block the running of the .js file.
The bottom like is always the same: Don’t run attachments sent to you unexpectedly, even from friends. Check with them to confirm that they meant to send it, and if they don’t confirm, delete it.
I could also label this story as another reason I don’t use gmail, but that really is a different story entirely.
Readers!
Please consider supporting my work here at Behind the Black. Your support allows me the freedom and ability to analyze objectively the ongoing renaissance in space, as well as the cultural changes -- for good or ill -- that are happening across America. Fourteen years ago I wrote that SLS and Orion were a bad ideas, a waste of money, would be years behind schedule, and better replaced by commercial private enterprise. Only now does it appear that Washington might finally recognize this reality.
In 2020 when the world panicked over COVID I wrote that the panic was unnecessary, that the virus was apparently simply a variation of the flu, that masks were not simply pointless but if worn incorrectly were a health threat, that the lockdowns were a disaster and did nothing to stop the spread of COVID. Only in the past year have some of our so-called experts in the health field have begun to recognize these facts.
Your help allows me to do this kind of intelligent analysis. I take no advertising or sponsors, so my reporting isn't influenced by donations by established space or drug companies. Instead, I rely entirely on donations and subscriptions from my readers, which gives me the freedom to write what I think, unencumbered by outside influences.
You can support me either by giving a one-time contribution or a regular subscription. There are four ways of doing so:
1. Zelle: This is the only internet method that charges no fees. All you have to do is use the Zelle link at your internet bank and give my name and email address (zimmerman at nasw dot org). What you donate is what I get.
2. Patreon: Go to my website there and pick one of five monthly subscription amounts, or by making a one-time donation.
3. A Paypal Donation or subscription:
4. Donate by check, payable to Robert Zimmerman and mailed to
Behind The Black
c/o Robert Zimmerman
P.O.Box 1262
Cortaro, AZ 85652
You can also support me by buying one of my books, as noted in the boxes interspersed throughout the webpage or shown in the menu above.
A new ransomware attack, designed to kidnap your computer and demand money from you before releasing it, has been written entirely in javascript and is thus more dangerous because many email programs, like Gmail, will not block the running of the .js file.
The bottom like is always the same: Don’t run attachments sent to you unexpectedly, even from friends. Check with them to confirm that they meant to send it, and if they don’t confirm, delete it.
I could also label this story as another reason I don’t use gmail, but that really is a different story entirely.
Readers!
Please consider supporting my work here at Behind the Black. Your support allows me the freedom and ability to analyze objectively the ongoing renaissance in space, as well as the cultural changes -- for good or ill -- that are happening across America. Fourteen years ago I wrote that SLS and Orion were a bad ideas, a waste of money, would be years behind schedule, and better replaced by commercial private enterprise. Only now does it appear that Washington might finally recognize this reality.
In 2020 when the world panicked over COVID I wrote that the panic was unnecessary, that the virus was apparently simply a variation of the flu, that masks were not simply pointless but if worn incorrectly were a health threat, that the lockdowns were a disaster and did nothing to stop the spread of COVID. Only in the past year have some of our so-called experts in the health field have begun to recognize these facts.
Your help allows me to do this kind of intelligent analysis. I take no advertising or sponsors, so my reporting isn't influenced by donations by established space or drug companies. Instead, I rely entirely on donations and subscriptions from my readers, which gives me the freedom to write what I think, unencumbered by outside influences.
You can support me either by giving a one-time contribution or a regular subscription. There are four ways of doing so:
1. Zelle: This is the only internet method that charges no fees. All you have to do is use the Zelle link at your internet bank and give my name and email address (zimmerman at nasw dot org). What you donate is what I get.
2. Patreon: Go to my website there and pick one of five monthly subscription amounts, or by making a one-time donation.
3. A Paypal Donation or subscription:
4. Donate by check, payable to Robert Zimmerman and mailed to
Behind The Black
c/o Robert Zimmerman
P.O.Box 1262
Cortaro, AZ 85652
You can also support me by buying one of my books, as noted in the boxes interspersed throughout the webpage or shown in the menu above.
I thought the JavaScript language does not have access to the files on a computer. There are no file open/read/write/close primitives.
Forget about ransomware, if any JavaScript program can access your files it can steal anything.
Thanks for the tip!!
The computer related blogs lately have been helpful
Stay tuned! I hope to have a regular series of very worthwhile computer tips relating to Linux in the near future.
It is true that javascript cannot access files but maybe the .js file acts as a carrier for something else.
Robert,
I am thinking about buying a @reagan.com email address.
Who do you use for email service?
Gene
I use a forwarding service provided by the professional science journalism trade organization that I belong to. This is not an option for you.
Gene:
What type of email address are you interested? (what features?)
Gmail, Outlook (Microsoft), and a number of other free email providers do scan your email for key-words & targeted adverts.
(These services are “free,” and that is the trade-off.)
The Reagan dot com folks pledge not to scan your email for advertising purposes, and that’s the major feature they offer. They will however, turn your email over to the Feds, if they are required to do so by Law. All providers are subject to that, unless they are off-shore.
I’m not a computer guy, but I notice that Chrome offers the option, under “Content settings”: “Do not allow any site to run JavaScript” (with an option to exclude selected sites).
Would this eliminate the Gmail vulnerability for Chrome users?