skip to Main Content

Cybercrime, here it comes Nodera: an anomalous ransomware

Here it comes Nodera: an anomalous ransomware. According to cyber security experts on the SANS forums, the malware is based on the Node.js framework and is still under development

Cybercrime is spreading out of the ordinary ransomware: Nodera. The malicious code was analyzed by cyber security experts in the SANS ISC InfoSec forums, who discovered that it is based on the Node.js framework (used to build Web applications in JavaScript). Furthermore, it would affect the Windows operating system and would still be in development. This is because the malware still has obvious inconsistencies: first it refers to a 2048-bit RSA public key in the ransom note, although the one embedded in the script is 4096 bits. It also indicates the date “March 1, 2018” as the time of destruction of the private key. Finally, there is no communication channel mentioned in the ransom note to receive the private key. As usual, once executed, the ransomware encrypts the files and adds the “.encrypted” extension. An HTML file with the ransom note appears to the user.

Back To Top