I published the following diary on isc.sans.edu: “Another Script-Based Ransomware“:
In the past, I already found some script-based ransomware samples written in Python or Powershell. The last one I found was only a “proof-of-concept” (my guess) but it demonstrates how easy such malware can be developed and how they remain undetected by most antivirus products.
I found a malicious VisualBasic script that attracted my attention. The SHA256 is 8c8ed4631248343f8732a83193828471e005900fbaf144589d57f6900b9c8996 and its VT score is only 3/57!. It’s no flagged as malicious but, even more, it’s reported as a simple mallicious script… [Read more]