Wednesday, 30 March 2016

Cyber criminals use Microsoft PowerShell in ransomware attacks: A newly discovered family of ransomw.


Cyber criminals are launching attacks on healthcare firms and other enterprises with ransomware created using Microsoft’s PowerShell scripting language for system administration.
The ransomware was discovered by researchers at security firm Carbon Black when a healthcare organisation was targeted unsuccessfully through a phishing email campaign.
The newly discovered family of ransomware – dubbed PowerWare by the researchers – targets organisations through a macro-enabled Microsoft Word document, such as a fake invoice.
This approach of using PowerShell to retrieve and execute the malicious code means the ransomware can avoid writing new files to disk and blend in with legitimate activity, making it much more difficult to detect.
Traditional ransomware variants typically install malicious files on the system which, in some instances, can be easier to detect.
Although the code is simple, PowerWare is a novel approach to ransomware, the researchers said, reflecting a growing trend of malware authors thinking outside the box in delivering ransomware.
Carbon Black researchers found that PowerWare is delivered through a macro-enabled Microsoft Word document that launches two instances of PowerShell.
One instance downloads the ransomware script and the other takes the script as input to run the malicious code to encrypt files on the target system and demand payment for releasing them.
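
From a defender's side, the behaviour described above (Word launching PowerShell, twice in quick succession) is visible in process-creation telemetry. The following detection sketch is an added example, not code from the article or from Carbon Black; the event field names, the 60-second pairing window and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any platform

OFFICE_PARENTS = {"winword.exe"}    # the article names Word; extend locally
SHELL_CHILDREN = {"powershell.exe"}
WINDOW = timedelta(seconds=60)      # assumed pairing window, tune locally

# Constructed sample process-creation events (field names are assumptions).
WORD = r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
FIELDS = ("host", "time", "parent_pid", "parent_image", "image")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("ws-01", "2016-03-30T09:00:01", 4120, WORD, PS),
    ("ws-01", "2016-03-30T09:00:03", 4120, WORD, PS),
    ("ws-01", "2016-03-30T09:05:00", 4120, WORD, r"C:\Windows\splwow64.exe"),
    ("ws-02", "2016-03-30T09:10:00", 2208, r"C:\Windows\explorer.exe", PS),
    ("ws-03", "2016-03-30T11:30:00", 900, WORD, PS),
]]


def find_office_powershell(events, window=WINDOW):
    """Return one finding per Office process that spawned PowerShell."""
    launches = defaultdict(list)
    for ev in events:
        parent = basename(ev["parent_image"]).lower()
        child = basename(ev["image"]).lower()
        if parent in OFFICE_PARENTS and child in SHELL_CHILDREN:
            key = (ev["host"], ev["parent_pid"])
            launches[key].append(datetime.fromisoformat(ev["time"]))

    findings = []
    for (host, pid), times in sorted(launches.items()):
        times.sort()
        # Two launches from one Word process inside the window match the
        # two-instance pattern the article describes: raise the severity.
        paired = any(b - a <= window for a, b in zip(times, times[1:]))
        findings.append({"host": host, "parent_pid": pid,
                         "count": len(times),
                         "severity": "high" if paired else "medium"})
    return findings


if __name__ == "__main__":
    for finding in find_office_powershell(SAMPLE_EVENTS):
        print(finding)
```

A single Word-to-PowerShell launch is still reported at lower severity, since a document has little legitimate reason to start a shell at all.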
