(Only now came across this, but interesting nonetheless...)
"If it wasn't bad enough for a victim to have their files encrypted, the RAA ransomware also installs the Pony password-stealing Trojan on to the victim's computer. Instead of downloading and installing Pony from the Internet, the malware developers converted the Pony malware into a base64 encoded string that they embedded into the JS file."
Read the full article, including code samples, at bleepingcomputer.com.
Stay safe out there.
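The quoted passage describes an executable carried as a base64 string inside the JS file. As an added example (not code from the article or from this post), here is a defender-side Python check that scans script text for long base64 literals that decode to an MZ/PE header. It assumes the embedded payload is a Windows PE file; the function names and the sample input are constructed here for illustration.

```python
import base64
import re
import struct

# Runs of base64 alphabet long enough to hold a 64-byte DOS header (88 chars).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{88,}={0,2}")


def looks_like_pe(blob: bytes) -> bool:
    """True if blob starts with 'MZ' and its e_lfanew field points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_embedded_pe(script_text: str):
    """Return (offset, decoded_size) for each base64 run that decodes to a PE."""
    hits = []
    for m in B64_RUN.finditer(script_text):
        run = m.group(0)
        if "=" not in run:
            # Unpadded run: trim to a whole number of 4-char groups before decoding.
            run = run[: len(run) - len(run) % 4]
        try:
            blob = base64.b64decode(run, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if looks_like_pe(blob):
            hits.append((m.start(), len(blob)))
    return hits


def constructed_sample() -> str:
    """Constructed input: a 128-byte stub with only MZ/PE markers set, not a program."""
    stub = bytearray(128)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\x00\x00"
    benign = base64.b64encode(b"plain configuration text " * 4).decode()
    payload = base64.b64encode(bytes(stub)).decode()
    return f'var cfg = "{benign}";\nvar data = "{payload}";\n'


if __name__ == "__main__":
    print(find_embedded_pe(constructed_sample()))
```

The check only sees a payload stored as one contiguous string literal; a string split across concatenations or otherwise obfuscated needs the script to be normalized first.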