How Does Fileless Ransomware Work?

Ransomware attacks rank among the most damaging for companies of all sizes. The sudden loss of file access combined with demands for quick payment and the threat of data deletion have put many IT departments on high alert, warning users never to open unsolicited email attachments, visit suspicious websites or download third-party applications.

Nonetheless, hackers are working hard to evade increasing corporate scrutiny; ransomware-as-a-service (RaaS) threats are now targeting the historically defensible Mac OS, even as attackers roll out “fileless” ransomware vectors that leverage common computing services to execute malicious commands and download infectious payloads. Here’s a look at the potential impact — both present and future — of evolving ransomware threats.

Under Attack

What makes ransomware so popular? For many attackers, it comes down to ease of use. When companies discover their network is compromised, they’re often eager to pay the ransom, rather than risk loss of critical files or endure negative PR. The emerging bitcoin/cryptocurrency landscape also informs the spread of ransomware. In most cases, victims are directed to pay a specific sum in bitcoin (or other cryptocurrency) to a designated email address. By leveraging entirely digital currency, hackers can effectively anonymize their demand for payment, while the nature of blockchain transactions can ensure that all transfers are securely completed and cannot be reversed.

Also worth noting, new hacks utilizing the same vulnerability as popular ransomware WannaCry have been spotted installing cryptocurrency miners on victim computers. Although the machines continue to perform normal functions, they’re also tasked with a background process to create digital currency — which has potentially generated more than $1 million for attackers.

Fileless Futures?

Hackers are also getting wise to the fact that security applications and researchers can quickly red-flag and then black-list malicious files and groups, limiting the impact of traditional ransomware delivery methods. Attackers have adapted by developing new strains of fileless ransomware that uses existing processes to execute compromising commands.

Related Post

While the initial trajectory is the same — victims either open malicious email attachments or browse compromised websites — new fileless attacks don’t download any data. Instead, they open a command line and run PowerShell scripts straight into computer memory. This forces a secondary file download that contains both the ransomware dropper itself and the encryption key. Users are then faced with familiar splash screens and demands for payment. For hackers, value comes from initial contact, since traditional malware detection and anti-virus tools don’t classify PowerShell scripts as potential attack vectors. For companies, the shift in ransomware rollout demands a change in focus: Indicators of attack — such as code execution or lateral network movement — must become part of the IT security foundation.

Ransomware is on the rise, with hackers looking to grab (or create) cryptocurrency and avoid unwanted attention. For more information on fileless ransomware, read the infographic below to understand the risks to develop new strategies and lower the ransomware infection impact.

Author bio: Con Mallon is Senior Director of Product Marketing at CrowdStrike, where he oversees positioning of products and communication, go-to-market programs, competitive differentiation, and sales assets and tools. Mallon started his career in the United Kingdom, and has more than 20 years of marketing and product management experience within the technology sector. 

Guest

The writer of this post is a guest. Opinions in the article are solely of the writer and do not reflect The Merkle's view.

Share
Published by
Guest
Tags: ransomware

Recent Posts

Top Secrets to Identifying the Best Crypto to Buy This Week Before It’s Too Late!

In a world where the digital economy is growing at lightning speed, the race to…

12 hours ago

NYC Entrepreneur Wins Big with BTC: BlockDAG Could Be Next

Mia Sanders, NYC Entrepreneur, Made Millions by Investing in BTC: Could BlockDAG Be Next for…

1 day ago

Miami Artist Earns $5.2M with Solana: BlockDAG’s Future Prospects?

A Miami Artist's $5.2M Solana Success: Does BlockDAG Hold Equal Promises for 30,000x ROI? Success…

2 days ago

Chainlink And Aptos Investors Migrate To The Presale Of New Crypto Instant Funding Prop Firm FXGuys ($FXG)

Recent market trends show that the new DeFi coin, FXGuys ($FXG), has been the go-to…

2 days ago

Polkadot Price Prediction; Can XLM’s Rally Hold Strong as New Crypto Brings Passive Income? 

Curious about where the Polkadot price is headed? Or maybe you’re wondering if XLM’s rally…

2 days ago

Best Crypto Presale to Watch: Could This Be the Next 9000% Breakout Star?

Any investor can achieve outstanding profit by selecting the best crypto presale in the growing…

2 days ago