RAA – An entirely new JS ransomware delivering Pony malware

On 13th of June, while monitoring Twitter, we have observed an interesting tweet that reported a suspicious domain with an open directory listing. Among the listed files we found a zip archive containing a javascript. In this blogpost we will take a closer look at the javascript and we will show that it has ransomware capabilities, which we have dubbed RAA ransomware and that additionally delivers a dropping stage for the Pony malware.

Continue reading “RAA – An entirely new JS ransomware delivering Pony malware”