Story image

Ransomware turns into PowerWare with new Microsoft based threat

30 Mar 2016

Carbon Black is warning of a new form of fileless ransomware, which has used Microsoft Word to successfully target at least one healthcare organisation – with a ransom that increases as time goes by.

The ransomware utilises PowerShell, the scripting language inherent to Microsoft operating systems, and has sparked concerns from Carbon Black given its utilisation of widely-used scripting platforms.

Carbon Black says what sets the new variant apart from traditional ransomware is its ‘fileless’ nature.

“Traditional ransomware variants typically install new malicious files on the system, which in some instances can be easier to detect,” Carbon Black says.

“PowerWare asks PowerShell, a core utility of current Windows systems to do the dirty work. By leveraging PowerShell, this ransomware attempts to avoid writing new files to disk and tries to blend in with more legitimate computer activity.”

Carbon Black’s Threat Research Team has dubbed PowerWare a ‘novel’ approach to ransomware, saying it reflects a growing trend of malware authors thinking outside the box in delivering ransomware.

The security vendor says its research shows PowerWare is delivered via a macro-enabled Microsoft Word document. The Word document then uses macros to spawn ‘cmd.exe’ which in turn calls PowerShell with options that download and run the ‘deceptively simple’ PowerWare code.

“In an interesting twist, PowerWare authors initially ask for a $500 ransom which increases to $1000 after two weeks,” Carbon Black says.

Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
VoiP new-comer upgraded and ready to take on NZ
UFONE is an Auckland-based VoIP provider that has just completed a massive upgrade of its back-end and is ready to take on the market.
Online attackers abusing Kiwis' generosity in wake of Chch tragedy
It doesn’t take some people long to abuse people’s kindness and generosity in a time of mourning.
Apple launches revamped iPad Air & iPad mini
Apple loves tinkering with its existing product lines and coming up with new ways to make things more powerful – and both the iPad Air and iPad mini seem to be no exception.
IntegrationWorks continues expansion with new Brisbane office
The company’s new office space at the Riverside Centre overlooks the Brisbane River and Storey Bridge.
Emerging tech helps savvy SMB’s succeed
A CompTIA report shows SMBs are taking on the challenge of emerging technologies to reach their business goals.
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.