PowerWare Ransomware Abuses PowerShell, Office Macros

A new fileless ransomware family has been discovered, which abuses Windows’ PowerShell for nefarious activities, a novel approach to ransomware, Carbon Black researchers warn.

Dubbed PowerWare, this piece of malware is being delivered via a more traditional method, namely macro-enabled Microsoft Word documents, but it no longer writes malicious files to disk, as most ransomware does. Instead, it calls for PowerShell, a core utility of current Windows systems, to perform malicious operations, thus attempting to blend in with more legitimate computer activity.  Read More

This entry was posted in News, Security Awareness. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *