Ransomware uses PsExec to infect target systems
Researchers at Trend Micro have identified some new ransomware that can bypass antivirus because it is fileless and relies on injecting code into a legitimate system process.
The Hacker News has an article about the malware. According to the article, Sorebrect seems to be targeting these business areas:
I believe the tools mentioned in my first blog post can mitigate this new ransomware as well as any ransomware I'm aware of.
RansomFree by Cybereason is the Windows tool that can help block Ransomware.
In addition to RansomFree, which I reference in that Blog post, you can do the following:
- Don't use an account with local Administrator privileges for normal usage.
- Limit privileges for PsExec.
- Back up your data.