0

I've been reading a bit lately about pure JavaScript ransomware attacks. Sophos seems to imply that this is a browser-based attack and that you're infected by only visiting the site.

I can't find any practical examples of how this might be achieved though and I'd like to try to get a demo working (just showing I can change some file I shouldn't be able to).

Any advice on where I can look to get more practical advice?

(Also, I think that this vulnerability is only on IE? Is that correct?)

BanksySan
  • Any possibility of JavaScript malware could turn into 'ransomware' - If you look for simple malware, you can find your answer (look at the "Related Questions" section on the side). – schroeder Oct 24 '16 at 12:39
  • @schroeder Thanks, I've had a read around general JavaScript attack vectors and they all seem to involve conning the user into authorising something that they shouldn't do. This attack, as I understand it, doesn't rely on this. The only other vector I can see is via NW.js. – BanksySan Oct 24 '16 at 13:00

1 Answer

1

> Sophos seems to imply that this is a browser-based attack and that you're infected by only visiting the site.

No, it doesn't. To cite from the site:

> ... These days, a lot of ransomware arrives in JavaScript attachments.
> ... The JavaScript doesn’t download the ransomware, it is the ransomware.
> ... On Windows, JavaScript outside your browser runs in the Windows Script Host (WSH)

Nothing in this article suggests that this is a browser-based attack. On the contrary, it explicitly says that the script needs to run outside the browser to have the appropriate permissions.

> ... can't find any practical examples of how this might be achieved

There are enough examples of using WSH (Windows Scripting Host) from JavaScript running outside the browser. For a specific case of how this is used in malware, see for example "Ransomware in your inbox: the rise of malicious JavaScript attachments". And with the help of WSH the attacker gets access to lots of functionality, including reading and modifying files.

Steffen Ullrich
  • I've just re-read that bit. You're right, it doesn't say that. My world has not been turned upside down. Thanks Steffen. (So, to date, all JS attacks have to manipulate the user in some way) – BanksySan Oct 24 '16 at 14:59
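
A defender-side check for the delivery route the answer describes (script attachments that Windows runs in WSH, outside the browser), as an added example that is not part of the original question or answer: it flags e-mail attachments, including ZIP members, whose extension is handled by the Windows Script Host. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed list: extensions a default Windows install hands to the Windows Script Host.
WSH_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")


def is_wsh_script(name: str) -> bool:
    # Only the last extension decides the handler, so "invoice.pdf.js" is a script.
    return name.lower().rstrip(". ").endswith(WSH_EXTENSIONS)


def find_wsh_attachments(raw_message: bytes) -> list[str]:
    """Return attachments (or ZIP members) that would run in WSH if opened."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_wsh_script(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    hits += [f"{name}!{m}" for m in archive.namelist() if is_wsh_script(m)]
            except zipfile.BadZipFile:
                # Fail closed: an archive that cannot be inspected is reported too.
                hits.append(f"{name}!<unreadable archive>")
    return hits


def zip_bytes(member_names: list[str]) -> bytes:
    """Constructed sample: a ZIP whose members hold only a harmless comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in member_names:
            archive.writestr(member, "// constructed placeholder, no payload")
    return buf.getvalue()


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```
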