Ransomware uses Microsoft PowerShell to target organisations

Thursday 31 March 2016 09:00 CET | News

Cyber criminals have created ransomware that uses Microsoft’s PowerShell scripting language for system administration.

The ransomware, called PowerWare, was discovered by security company Carbon Black when a healthcare organisation was targeted through a phishing email campaign. PowerWare targets organisations through a macro-enabled Microsoft Word document, such as a fake invoice. The document launches two instances of PowerShell. One instance downloads the ransomware script and the other takes the script as input to run the malicious code, which encrypts files on the target system and demands payment for releasing them. PowerWare asks for USD 500 at first, but the requested amount is doubled if the ransom is not paid after two weeks.

This approach of using PowerShell to retrieve and execute the malicious code means the ransomware can avoid writing new files to disk and blend in with legitimate activity, making it difficult to detect.

The Carbon Black researchers said organisations that have systems in place for full packet capture should be able to recover the encryption keys.
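
Because the chain described above starts with Word launching PowerShell, process-creation logs are one place defenders can look for it. The following is an added example, not code from Carbon Black or from this article: it flags Office applications that spawn PowerShell and raises the severity when one document process starts two instances close together. The record layout, host names, PIDs, paths and the 60-second window are assumptions made for the illustration.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
WORD = r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
EXCEL = r"C:\Program Files\Microsoft Office\Office15\EXCEL.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation records: (time, host, parent image, parent PID, image).
# Hosts, PIDs and timestamps are made up for this example.
SAMPLE_EVENTS = [
    ("2016-03-25T09:14:02", "WS-017", WORD, 4120, PS),
    ("2016-03-25T09:14:03", "WS-017", WORD, 4120, PS),
    ("2016-03-25T09:14:05", "WS-017", WORD, 4120, r"C:\Windows\splwow64.exe"),
    ("2016-03-25T10:02:41", "WS-022", r"C:\Windows\explorer.exe", 1800, PS),
    ("2016-03-25T11:30:10", "WS-031", EXCEL, 3300, PS),
]


def _name(path):
    # ntpath parses Windows paths correctly even when the analysis host is not Windows.
    return ntpath.basename(path).lower()


def office_spawned_powershell(events, window=timedelta(seconds=60)):
    """Return one alert per Office process that launched PowerShell."""
    launches = defaultdict(list)
    for time, host, parent_image, parent_pid, image in events:
        if _name(parent_image) in OFFICE_PARENTS and _name(image) in POWERSHELL_IMAGES:
            launches[(host, parent_pid)].append(datetime.fromisoformat(time))
    alerts = []
    for (host, parent_pid), times in sorted(launches.items()):
        times.sort()
        # Two launches close together from one document matches the
        # downloader-plus-runner pair the article describes.
        paired = any(b - a <= window for a, b in zip(times, times[1:]))
        alerts.append({"host": host, "parent_pid": parent_pid, "launches": len(times),
                       "severity": "high" if paired else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in office_spawned_powershell(SAMPLE_EVENTS):
        print(alert)
```

PowerShell started from Explorer, as an administrator would do, is not flagged; a single launch from an Office parent is reported at medium severity for review.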


Keywords: ransomware, security, encryption, online, PowerShell
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World