Czub told us that a quick look at VirusTotal reveals that Ransom32 is poorly detected by most anti-virus products: at the time of writing it had a detection ratio of seven out of 54 AV engines.
Here's the hard part
According to Hacked.com, once the malware operator has configured and downloaded an archive of the NW.js-based software, they are left with a set of files that they must still deploy onto target systems themselves.
“This can be the difficult part, especially with this particular piece of software, which clocks in at more than 20 megabytes. The victim will have to be somewhat dedicated in getting hold of it, but this can be achieved with relative ease if phony downloads of popular things are used. One idea to deploy this might be to simply make it seem to be a movie or something on a torrent site,” suggests writer and hardware hacker PH Madore.
“Anti-virus vendors are bound to come up with signatures eventually, but evading them by publishing new, packed builds would be trivial for the malware authors,” Czub said. “The fact that the current malware is unpacked and has such a large file size yet no cross-platform support indicates a low level of sophistication on the part of the authors.”
It is important to note that Ransom32 was not initially developed with the ability to affect Mac or Linux users. Although the NW.js framework it is built on runs on Windows, Mac and Linux, the malware as distributed depends on the successful execution of a Windows .exe file to deliver its payload and present a ‘lock screen’ on the victim's machine.
Yours to take home today, for a 25 percent cut
Ransom32 is also designed for the would-be hacker with less talent than ambition.
To help navigate the complexities of launching and monitoring an attack, it presents the hacker with a user-friendly dashboard. The dashboard also lets the operator specify the Bitcoin address to which the ransom should be paid and the amount demanded. The original developers of Ransom32 take a 25 percent cut of all ransom payments collected.