New ransomware abuses Windows PowerShell, Word document macros

A new ransomware program written in Windows PowerShell is being used in attacks against enterprises, including health care organizations, researchers warn.

PowerShell is a task automation and configuration management framework that’s included in Windows and is commonly used by systems administrators. It has its own powerful scripting language that has been used to create sophisticated malware in the past.

The new ransomware program, dubbed PowerWare, was discovered by researchers from security firm Carbon Black and is being distributed to victims via phishing emails containing Word documents with malicious macros, an increasingly common attack technique.

To read this article in full or to leave a comment, please click here