A new kind Javascript-based ransomware package is reportedly being sold on the dark web. Its users log into software that is provided as a service in exchange for giving the developers a cut of their extorted profits.
Emisoft Chief Technology Officer Fabian Wosar described the malware ‒ called Ransom32 ‒ and its web interface in a blog post, saying that users log in with their Bitcoin wallet addresses. Signups and connections are hidden within the Tor network, an anonymization system that requires special software to access.
https://www.rt.com/usa/328030-ransomware-new-javascript-malware/