File-less Ransomware Uses Windows Tools Against You

By now everyone knows about ransomware, the dastardly strain of malware that encrypts data (or the drives it’s stored on) and sends the user a message demanding payment within a certain amount of time before the data is deleted forever.

To add a little more menace to an already stressful situation, the message includes a countdown clock. If it sounds like a bad situation, rest assured it is. How could it get worse, you ask? Simple: make it more difficult to stop.

Companies of all sizes spend a pretty penny on IT security and training to ensure that they aren’t the next organization to fall victim to a hacker’s sick joke. What if we told you that all that expense was spent getting ready for an attack that could already be lying dormant in a file on a computer on your network? This could be the case, as malware is now going fileless.

Okay, we know what you’re thinking…

Fileless malware?! What?

Today, we’ll go into what exactly fileless malware is, and why it isn’t great news for most people and businesses.

Starting with some good news is always appreciated, so here it is: hackers are now utilizing more fileless malware because people and organizations are doing a great job fighting against traditional methods of infection.

In fact, 99.9 percent of all would-be malware attacks were turned away in 2017; so, while it didn’t have a marked effect for those organizations that were unlucky enough to have dealt with ransomware or some other devastating strain of malware, lots of would-be attacks were mitigated.

For years ransomware growth has facilitated a major shift in the way that organizations looked at the dangers that are coming from the Internet. Sure, there had been plenty of malware dispersed for years, but fileless malware doesn’t work like other malware.

Fileless malware attacks take default Windows tools such as PowerShell and Windows Management Instrumentation (WMI) and use them to support the malicious activity. PowerShell and WMI are installed on every single Windows-run machine, and since they are used to manage and support a system’s well-being, they are working to keep the system functioning properly.

How It Works

Luckily for most organizations, the way fileless malware is dispersed is largely the same as most other malware strains, through phishing emails and messages. For this reason, if your organization has been doing its best to train its employees on the best practices to keep free from malware, those initiatives still pertain here.

Instead of an email attachment or link downloading the malware onto your system immediately, fileless malware runs a macro in the RAM of a machine and starts a command line which runs the application. That application, whether it be PowerShell or WMI, is then commanded to encrypt the files/drives.

After that, the user of the machine is presented with a message saying that the files are being held for payment, setting the ransomware process in motion. Typically, this is when it will give the user a short amount of time to provide payment to regain control over the files.
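The chain described above (a macro starts a command line, which in turn runs PowerShell or WMI) leaves a recognizable trail in process-creation logs. The following is an added example, not part of the original article, of a detection check that walks each process's ancestry and flags PowerShell or WMI instances descended from an Office application; the event fields (pid, ppid, image), the name lists and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed name lists for illustration; tune to the software in your environment.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ADMIN_TOOLS = {"powershell.exe", "pwsh.exe", "wmic.exe"}

def base(path):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(path).lower()

def office_ancestor(event, by_pid, max_depth=8):
    """Walk parent links; return the Office executable found in the chain, if any."""
    seen = set()
    pid = event["ppid"]
    for _ in range(max_depth):
        parent = by_pid.get(pid)
        if parent is None or pid in seen:  # chain ends, or malformed loop in the log
            return None
        if base(parent["image"]) in OFFICE_APPS:
            return base(parent["image"])
        seen.add(pid)
        pid = parent["ppid"]
    return None

def find_suspicious(events):
    """Return (pid, tool, office_app) for admin tools descended from an Office app."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        tool = base(e["image"])
        if tool in ADMIN_TOOLS:
            app = office_ancestor(e, by_pid)
            if app:
                hits.append((e["pid"], tool, app))
    return hits

# Constructed sample events (not from a real host).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 400, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"pid": 410, "ppid": 400, "image": r"C:\Windows\System32\wbem\WMIC.exe"},
]

if __name__ == "__main__":
    for pid, tool, app in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {tool} descended from {app}")
```

PowerShell started directly from the desktop shell (pid 300 in the sample) is not flagged, which keeps ordinary administrative use out of the alert queue. On a real host, process IDs are reused over time, so events should be keyed by PID plus start time before building the ancestry map.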

At WheelHouse IT, we know the last thing you need is your operating system turning against you. We also know just how challenging it is to detect this type of malware. We’ve developed solutions and practices to fight even the most targeted and powerful malware.

Call us today at (877) 771-2384 to learn more about stopping fileless malware and keeping your organization’s IT working for you.

What is Ransomware? 5 Things You Need to Know About Ransomware

Ransomware has been a hot topic of conversation recently, and for good reason, as attacks are on the rise. In fact, it is estimated that ransomware attacks increased by 600% in 2016 over the previous year. It is also believed that these attacks ended up costing businesses over $1B. To help your business avoid becoming part of this statistic, here are the top 5 things you need to know about ransomware.

  • What Ransomware Is: Ransomware is a form of malware that hackers use to block your access to your files. Criminals either encrypt or remove your files so that you do not have access to them and then demand a ransom be paid in exchange for access to your information.
  • Paying The Ransom Doesn’t Help: However, while criminals use ransomware to extort businesses and individuals, paying the ransom usually does little except give the hackers motivation to keep doing the same thing. The fact is that paying the ransom does not work, and most businesses do not get their files back.
  • Prevention is Key: If paying the ransom doesn’t work, you may be wondering what your options are. When it comes to ransomware attacks, the best thing you can do is to prevent the attacks from occurring in the first place. Antivirus and anti-malware software can go a long way in helping to protect your files. You will also want to keep your operating system and your computer’s programs up to date as criminals often use vulnerabilities in outdated software to access your system.
  • So Are Backups: Backups are also key in reducing your vulnerability. By backing up all of your system’s files on a regular basis, you will stand to lose less should you come under a ransomware attack.
  • Not Just Your Windows PC is at Risk: There is often a misconception that only Windows PCs are at risk of coming under a ransomware attack. However, while many attacks target Windows, as this is the most common operating system, ransomware has also targeted Apple computers and Android devices, making it imperative that you protect all of your devices.

These are just a few of the things you need to know. Contact us to learn more about ransomware attacks.
