Ransomware is one of the most blatant and obvious money-making schemes for cybercriminals, and it most likely became widely known last year, when the Cryptolocker ransomware targeted millions of computers worldwide.
Recently, security researchers at the antivirus firm TrendLabs unearthed another sophisticated ransomware variant that employs Windows PowerShell to encrypt files on victims' computers. The firm detected the variant as TROJ_POSHCODER.A.
Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and an associated scripting language. It provides full access to COM and WMI, enabling administrators to perform administrative tasks on both local and remote Windows systems, as well as to WS-Management and CIM, enabling management of remote Linux systems and network devices.
It is believed that the cybercriminals used this Windows feature to make the malware harder to detect and analyze on an affected system. However, they failed on this point, as the use of Windows PowerShell made it much easier for the researchers to detect the malware.
We also reported last month that cybercriminals have begun targeting smartphones with a special piece of malicious software that locks the devices until the victims pay a ransom for the keys to unlock the phone, which highlights how money-motivated criminals are continuously improving these threats over time.
What steps can you take to reduce the risk of your equipment becoming infected? Users are advised never to open email attachments from unknown sources and to back up important data to an external device or to cloud storage. If you believe you have been infected, act quickly. Stay safe!