By Lucian Constantin
A new ransomware called PowerWare is completely written in the Windows PowerShell® scripting language and is already being used in attacks on organizations. Typically, it takes the form of malicious macros hidden in Microsoft Word documents.
Lucian Constantin writes, “PowerShell is a task automation and configuration management framework that’s included in Windows and is commonly used by systems administrators. It has its own powerful scripting language that has been used to create sophisticated malware in the past.
“The new ransomware program, dubbed PowerWare, was discovered by researchers from security firm Carbon Black and is being distributed to victims via phishing e-mails containing Word documents with malicious macros, an increasingly common attack technique.
“The Carbon Black team found PowerWare when it targeted one of its customers: an unnamed healthcare organization. Multiple hospitals have recently fallen victim to ransomware attacks.”
Read on here.