Running a ransomware attack in a Node.js module

Charlie Gerard on May 06, 2022

Post originally posted on my blog. A couple of weeks ago, I experimented with creating a small ransomware script, and looked into how to run it in ...
 
Daniel Schulz

I've seen you program brain interface live on stage and now you're building ransomwares. I put two and two together and do not like where this is going 🧐

MartinJ

Very interesting - thank you. Ransomware scares me. I spent some time recently researching how I might get myself some protection from an attack by keeping file copies in a secure location. The conclusion was depressing - it seems there's no such thing as a secure location if it's linked permanently to your machine in some way. I started with the idea that Dropbox et al might be the answer, but soon gave up. I won't bore you with the details, but each month now I get an email reminding me that a scheduled dump is going to run in the wee small hours and that I need to connect my remote hard drive before it starts and disconnect same when it's finished. Is this 2022 or what?

Krishnan Sriram

Nice article. Wondering how any security tool can pick up things like this. If you think encryption/decryption invocations should be flagged, it's hard. How do we differentiate between a genuine function and ransomware (like this)? It will be interesting to see what the future scanner will look like!

J.D Nicholls

Hello Charlie, thanks for sharing!

This is quite interesting, and as you mentioned, this is a manual step to prevent security issues. Also, it's important to use exact versions of these external packages/libs, and people always forget that!

Thanks for the reminder <3

Kilian Lindberg

I’ve been uncomfortable with all these package updates since I realized things like this could be achieved a long time ago. All these breaking module updates and now this. Great example Charlie.

Timmortal

Been a victim of ransomware before, didn't know it was this easy to do to anyone

Diner Das

Thanks!

Sophia Nelson

good read

Andrew Baisden

Wow that was quite interesting!

Thomas.G

You might be interested in looking at NodeSecure/cli: github.com/NodeSecure/cli

We are working hard on providing open source tools able to detect that kind of malicious package.

Djilou

amazing content keep it up

Marouane Souda

Amazing article. Thank you Charlie for sharing. One should never just install whatever package he finds online, a mistake I see often gets repeated.

Mohammed Ashfaq Ahmed

Very interesting! Thank you.

Yousef Hassani

Use Node.js in Docker. Your host system remains protected, at least in this type of attack.