Story image

Ransomware turns into PowerWare with new Microsoft based threat

30 Mar 16

Carbon Black is warning of a new form of fileless ransomware, which has used Microsoft Word to successfully target at least one healthcare organisation – with a ransom that increases as time goes by.

The ransomware utilises PowerShell, the scripting language inherent to Microsoft operating systems, and has sparked concerns from Carbon Black given its utilisation of widely-used scripting platforms.

Carbon Black says what sets the new variant apart from traditional ransomware is its ‘fileless’ nature.

“Traditional ransomware variants typically install new malicious files on the system, which in some instances can be easier to detect,” Carbon Black says.

“PowerWare asks PowerShell, a core utility of current Windows systems to do the dirty work. By leveraging PowerShell, this ransomware attempts to avoid writing new files to disk and tries to blend in with more legitimate computer activity.”

Carbon Black’s Threat Research Team has dubbed PowerWare a ‘novel’ approach to ransomware, saying it reflects a growing trend of malware authors thinking outside the box in delivering ransomware.

The security vendor says its research shows PowerWare is delivered via a macro-enabled Microsoft Word document. The Word document then uses macros to spawn ‘cmd.exe’ which in turn calls PowerShell with options that download and run the ‘deceptively simple’ PowerWare code.

“In an interesting twist, PowerWare authors initially ask for a $500 ransom which increases to $1000 after two weeks,” Carbon Black says.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."