Story image

Ransomware turns into PowerWare with new Microsoft based threat

30 Mar 2016

Carbon Black is warning of a new form of fileless ransomware, which has used Microsoft Word to successfully target at least one healthcare organisation – with a ransom that increases as time goes by.

The ransomware utilises PowerShell, the scripting language inherent to Microsoft operating systems, and has sparked concerns from Carbon Black given its utilisation of widely-used scripting platforms.

Carbon Black says what sets the new variant apart from traditional ransomware is its ‘fileless’ nature.

“Traditional ransomware variants typically install new malicious files on the system, which in some instances can be easier to detect,” Carbon Black says.

“PowerWare asks PowerShell, a core utility of current Windows systems to do the dirty work. By leveraging PowerShell, this ransomware attempts to avoid writing new files to disk and tries to blend in with more legitimate computer activity.”

Carbon Black’s Threat Research Team has dubbed PowerWare a ‘novel’ approach to ransomware, saying it reflects a growing trend of malware authors thinking outside the box in delivering ransomware.

The security vendor says its research shows PowerWare is delivered via a macro-enabled Microsoft Word document. The Word document then uses macros to spawn ‘cmd.exe’ which in turn calls PowerShell with options that download and run the ‘deceptively simple’ PowerWare code.

“In an interesting twist, PowerWare authors initially ask for a $500 ransom which increases to $1000 after two weeks,” Carbon Black says.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.