PowerWare ransomware is healthcare’s new security threat

Featured image

Share this article

PowerWare Ransomware is Healthcare’s New Security Threat - Paubox

We’ve previously covered how Hollywood Presbyterian Medical Center fell victim to a ransomware attack in February. To get their network back online, management decided their best option was to pay the ransom: $17,000 in bitcoin.

As you might expect, paying a ransom only enables the behavior. As we would see in March, ransomware attacks in healthcare increased sharply. Of particular note is a new type of ransomware making the rounds in healthcare networks, PowerWare.

PowerWare: New Ransomware written in PowerShell

PowerWare was discovered a week ago by security researchers at Carbon Black. The bad guys behind PowerWare are spreading it via email by attaching a Word document claiming to be an invoice. The attackers then use one of the oldest tricks in the books: They request the user to enable macros to correctly view the fake invoice.

Once enabled, the macros launch PowerShell, the native Windows framework that uses a command-line shell to perform nefarious tasks. The use of PowerShell allows the ransomware to avoid writing files to disk and thus makes threat detection quite difficult. It also allows the ransomware to encrypt files on the victim’s PC.

Once a victim’s files are encrypted, the latest versions of PowerWare actually increase the ransom amount with each passing week.

PowerWare Prevention: Looking Ahead

So what can be done to combat PowerWare? As it turns out, macros are still widely used in legitimate MS Word and Excel spreadsheets. Simply barring any email attachments that contain macros may seem draconian in 2016, but it may turn out to be best solution. As we’ve seen with .exe, .bat, and .scr file extensions, end users eventually come to terms that sending those types of files via email just isn’t supported. We may be seeing the beginnings of that with office docs containing macros.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022