[waffles2.0]

I am looking into ransomware that isn't an executable, mainly file types you can attach to emails. Am I correct in assuming that all the JavaScript and documents relating to ransomware are just downloading executables for urls?

Or is there any ransomware that is contained completely within Javascript and doesn't need to pull down from a website?

[zerosum0x0]

MS JScript does not have direct access to the Windows API (although it is possible in indirect ways). It generally requires COM (ActiveXObjects) to do anything interesting.

There is a "Scripting.FileSystemObject" (FSO) ActiveXObject. I don't know if there is a COM object for direct crypto, but there are implementations of crypto libraries written in JavaScript, including asymmetric public key cryptography.

So with a little creativity, yes it is possible. FSO is off limits in the default IE security zone, but if someone double clicks a .js email attachment it will run.

In the wild, however, most of the .js malware I've come across are just droppers to download normal binaries. I can't personally name a pure JS ransomware strain.

[EP_X0FF]

http://www.kernelmode.info/forum/viewto ... =16&t=4391