sb-as logo
Story image

Ransomware turns into PowerWare with new Microsoft based threat

Carbon Black is warning of a new form of fileless ransomware, which has used Microsoft Word to successfully target at least one healthcare organisation – with a ransom that increases as time goes by.

The ransomware utilises PowerShell, the scripting language inherent to Microsoft operating systems, and has sparked concerns from Carbon Black given its utilisation of widely-used scripting platforms.

Carbon Black says what sets the new variant apart from traditional ransomware is its ‘fileless’ nature.

“Traditional ransomware variants typically install new malicious files on the system, which in some instances can be easier to detect,” Carbon Black says.

“PowerWare asks PowerShell, a core utility of current Windows systems to do the dirty work. By leveraging PowerShell, this ransomware attempts to avoid writing new files to disk and tries to blend in with more legitimate computer activity.”

Carbon Black’s Threat Research Team has dubbed PowerWare a ‘novel’ approach to ransomware, saying it reflects a growing trend of malware authors thinking outside the box in delivering ransomware.

The security vendor says its research shows PowerWare is delivered via a macro-enabled Microsoft Word document. The Word document then uses macros to spawn ‘cmd.exe’ which in turn calls PowerShell with options that download and run the ‘deceptively simple’ PowerWare code.

“In an interesting twist, PowerWare authors initially ask for a $500 ransom which increases to $1000 after two weeks,” Carbon Black says.

Story image
Cybersecurity market continues meteoric ascent
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More
Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Story image
Revealed: Imperva publishes research on decade old botnet, responsible for millions of attacks
Imperva Research Labs has revealed findings of a six-month intensive investigation into a botnet that has been exploiting CMS vulnerabilities.More
Story image
Financial institutions in APAC region to invest millions in fraud prevention
"The pandemic is creating a lot of uncertainty, but the majority of FIs in APAC recognise that an end to end fraud management platform is strategic to differentiating themselves from the highly disruptive landscape they are playing in."More
Story image
IBM Security completes industry first with updates to Cloud Pak for Security solution
"With these updates, we will be the first in the industry to bring together external threat intelligence and threat management alongside data security and identity."More