The content below is from the ISC SANS daily diary. In a nutshell, it identifies a new class of malware that is routinely delivered by email as an attachment and basically encrypts all data on the hard drive once it gets a foothold. The best advice I can offer is just don’t click on the attachment if you are not certain of the content and origin.
https://isc.sans.edu/forums/diary/Ransom32+The+first+javascript+ransomware/20569/
We have all seen how ransomware is becoming a pretty common trend in cybercrime. Well, there is a new variant, and this one has been built using JavaScript. This malware fakes the NW.js framework. Once installed, it connects to its C&C server on TOR network port 85 to get the bitcoin address and the crypto key used for encryption.
This trend is not new, and we have seen how malware is being built to be more and more sophisticated to avoid being detected by any antimalware control at the endpoint. You have to integrate endpoint security with network security and correlate any possible alerts that might indicate an incident happening, like a computer being connected to the TOR network.
More information at http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/
And as of Jan 5, it appears about half the more common AV products (including Sophos) have a definition for it; it was only about 7 out of 55 yesterday.
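The diary's advice to correlate endpoint alerts with network alerts, such as a computer connecting to the TOR network, can be sketched as follows. This is an added example, not code from the diary or from Emsisoft; the log formats, field names, the `new_unsigned_executable` event name, the relay list and all addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data using documentation IP ranges; not real indicators.
TOR_RELAYS = {"203.0.113.10", "198.51.100.7"}  # assumed to come from a Tor relay list feed
WINDOW = timedelta(minutes=10)                 # assumed correlation window

FIREWALL_LOG = """\
2016-01-05T09:14:02 src=10.0.0.21 dst=203.0.113.10 dport=85 action=allow
2016-01-05T09:15:40 src=10.0.0.34 dst=192.0.2.80 dport=443 action=allow
2016-01-05T11:02:13 src=10.0.0.50 dst=198.51.100.7 dport=9001 action=allow
"""

ENDPOINT_LOG = """\
2016-01-05T09:12:30 host=10.0.0.21 event=new_unsigned_executable
2016-01-05T09:15:00 host=10.0.0.34 event=new_unsigned_executable
2016-01-05T07:00:00 host=10.0.0.50 event=new_unsigned_executable
"""

def parse(log):
    """Yield (timestamp, fields) for each 'ISO-time key=value ...' line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        yield datetime.fromisoformat(ts), dict(p.split("=", 1) for p in pairs)

def tor_connections(fw_log, relays):
    """Firewall events whose destination is a known Tor relay."""
    return [(ts, f) for ts, f in parse(fw_log) if f.get("dst") in relays]

def correlate(fw_log, ep_log, relays=TOR_RELAYS, window=WINDOW):
    """Return hosts with an endpoint alert within `window` of a Tor connection."""
    endpoint = list(parse(ep_log))
    incidents = []
    for net_ts, net in tor_connections(fw_log, relays):
        for ep_ts, ep in endpoint:
            if ep.get("host") == net["src"] and abs(net_ts - ep_ts) <= window:
                incidents.append({"host": net["src"], "dst": net["dst"],
                                  "dport": int(net["dport"]), "event": ep["event"]})
    return incidents

if __name__ == "__main__":
    for hit in correlate(FIREWALL_LOG, ENDPOINT_LOG):
        print(hit)
```

Neither signal alone is raised here: the host with only an endpoint alert and the host whose Tor connection falls outside the window are both left out, and only the host showing both within ten minutes is reported.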