Tag Archives: AlienVault

MacRansom (& MacSpy)

(MacSpy isn’t ransomware, but seems to have been developed by the same author, and both are offered as as-a-service malware.)

Zeljka Zorz for HelpNet Security: Two Mac malware-as-a-Service offerings uncovered. According to HelpNet ‘Patric Wardle’s RansomWhere? tool can also stop MacRansomware from doing any damage.’

Rommel Joven and Wayne Chin Yick Low, for Fortinet: MacRansom: Offered as Ransomware as a Service

Fortinet notes that “Nevertheless, we are still skeptical of the author’s claim to be able to decrypt the hijacked files, even assuming that the victims sent the author an unknown random file…”

AlienVault: MacSpy: OS X RAT as a Service

David Harley


PowerWare Ransomware

AlienVault: PowerWare “Fileless Infection” Deepens Ransomware Conundrum for Healthcare Providers

Michael Mimoso for Threat Post (Kaspersky): Fileless Powerware Ransomware Found On Healthcare Network

Carbon Black flexes its PR muscles and manages not to mention that ‘AV is Dead’ in its analysis: Threat Alert: “PowerWare,” New Ransomware Written in PowerShell, Targets Organizations via Microsoft Word. It does share Indicators of Compromise, but as a graphic rather than as text. However, the Word doc used to spread the malware is detected (according to VirusTotal) by 34 products at the time of writing: 69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf. The ransomware script is also widely detected: https://www.virustotal.com/en/file/02beca974ecc4f871d8d42462ef305ae595fb6906ad764e6e5b6effe5ff05f29/analysis/.

David Harley