Beware: New Ransomware threatens Mac OS X & Windows Users


Security researchers have uncovered a new type of ransomware which is not actually designated as malware but attempts to extort payment from its victims nevertheless. The new strain of ransomware is being labeled “HTML Ransomware” and it works by injecting JavaScript code into the browser. This is a pretty savvy approach on several levels:

  1. Because of the serious negative effect on browsing, most users are reluctant to completely disable JavaScript
  2. No need for anything (malware related) to be installed
  3. Traditional anti-virus programs are ineffective against HTML Ransomware, even with the latest definitions

Furthermore, in order for HTML Ransomware to initiate successfully, there are just two basic requirements; JavaScript must be enabled, and the victim’s web browser has to incorporate the ‘Recover session after a crash’ feature – which is part and parcel of all major browsers, including Internet Explorer, Firefox, Chrome, and Safari.

HTML Ransomware operates on the same principle as the malware variety in that it purports to have emanated from a policing authority, creates a lockout situation, and demands payment to restore normal functionality.

Credit: Jerome Segura - Malwarebytes

Credit: Jerome Segura – Malwarebytes

In reality the browser is not permanently locked at all but rather caught up in a loop. The introduced JavaScript creates an iFrame loop which continues taking the user back to the same warning message 150 times over. In theory, if the user were to open and close the browser 150 times, the loop would then be exhausted and the browser should return to normal.

Jerome Segura, Senior Security Researcher at Malwarebytes, has published a blog article detailing this new ransomware, including information on how Mac OS X/Safari users can get rid of it. Mr. Segura’s advice for Windows victims is to; first disable JavaScript and then end all processes associated with the browser.

By all accounts this attack is fairly easy to overcome, the danger lies in users not recognizing it for what it is… a scam. Although a browser may freeze (or lock) for a variety of reasons, typically the scam will include several key components:


  1. A warning from some authority, such as the Police or FBI
  2. The browser will of course be locked
  3. Payment is required via a voucher system

For Firefox users, I imagine that installing the NoScript extension would help prevent this type of JavaScript intrusion.

Posted in:
About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

There are 7 comments

Comments are closed.