Petronella Blog Archive


Windows PowerShell Ransomware


Hackers have used PowerShell, the task automation and configuration management tool, to write a new piece of ransomware. The PowerShell framework that’s included in Windows has its own scripting language and is commonly used by system administrators, and it has been used to write malware in the past.

Discovered by security firm Carbon Black and going by the name PowerWare, the fileless ransomware is being spread by all-too-familiar phishing emails with attached Word documents that contain malicious macros. Similar to other types of malware like Angler, if the victim allows the macros to run, two instances of PowerShell start: one that downloads the ransomware and another that takes the malware as input.

So far, PowerWare seems to be going after businesses and organizations like hospitals, with a $500 ransom that doubles in a week or so. This isn’t the only malware created with PowerShell recently, but it is harder to detect due to PowerShell’s popularity.
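Because PowerShell itself is legitimate and widely used, the more useful signal is its ancestry: a Word process that ends up with PowerShell descendants. The sketch below is an added example, not code from Carbon Black or from this post; it assumes process-creation records with `pid`, `ppid` and `image` fields, and the sample events (including the intermediate `cmd.exe`) and the severity labels are constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation records (pid, parent pid, image path).
# Assumes PIDs are unique within the window being analysed.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 220, "ppid": 210, "image": PS},
    {"pid": 230, "ppid": 210, "image": PS},
    {"pid": 300, "ppid": 100, "image": PS},  # started from the desktop, no Office ancestor
]

def name(image):
    return PureWindowsPath(image).name.lower()

def office_ancestor(pid, by_pid):
    """Follow parent links upward; return the nearest Office ancestor's pid or None."""
    seen = set()
    proc = by_pid.get(pid)
    while proc and proc["pid"] not in seen:   # 'seen' guards against looping records
        seen.add(proc["pid"])
        parent = by_pid.get(proc["ppid"])
        if parent and name(parent["image"]) in OFFICE:
            return parent["pid"]
        proc = parent
    return None

def find_office_spawned_powershell(events):
    """Group PowerShell processes by the Office process they descend from."""
    by_pid = {e["pid"]: e for e in events}
    hits = defaultdict(list)
    for e in events:
        if name(e["image"]) in POWERSHELL:
            root = office_ancestor(e["pid"], by_pid)
            if root is not None:
                hits[root].append(e["pid"])
    # Illustrative scoring: two or more instances matches the pattern in the post.
    return [{"office_pid": root,
             "office_image": name(by_pid[root]["image"]),
             "powershell_pids": sorted(pids),
             "severity": "high" if len(pids) >= 2 else "medium"}
            for root, pids in sorted(hits.items())]

if __name__ == "__main__":
    for alert in find_office_spawned_powershell(SAMPLE_EVENTS):
        print(alert)
```

In production the same grouping would run over endpoint telemetry rather than an in-memory list, and PID reuse would need to be handled by keying on a unique process identifier.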

If you’re afraid you may be the victim of ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10-minute Ransomware Safety Review.