By Oleg Boyarchuk and Stefano Ortolani

Introduction

When ransomware behavior is clearly exhibited, it is relatively easy for a sandbox or a personal A/V to assert detection; after all, in its simplest form, ransomware malware must at least: (1) search for files to be encrypted, and (2)...

Authored by: Alexander Sevtsov
Edited by: Stefano Ortolani

In the previous article, we described an attack that makes use of a script moniker to execute a Windows Script Component (WSC) file or scriptlet. A scriptlet is nothing more than an XML file wrapping a script like JScript, VBScript,...