After reading a new blog post from @stus I started thinking why in the world haven't they considered PowerShell yet. Honesty forces me to say that I've been thinking about this for a few weeks now, not for the purpose of being the first one here to make a new strain of ransomware but to figure out how they go at it.
Has anyone had those thoughts yet (wanting to know how it works) in order to protect oneself better?
Based on an old blog from Dave Wyatt found in Microsoft's Script Center, combined with a post found on the Idera community pages and a bit of home-brew code, I'm pretty sure one can create something with equal destructive powers. If you want to read that blog on Idera then go to the link provided and search for "Remotely Executing Applications on Behalf of Someone Else".
So, assuming you can get the job to execute under someone else's credentials, you should be able to access different sets of files and wouldn't even require admin privileges. Then populate a list of assigned drive letters and for each one found you start executing the nasty bit.
The proverbial pot of gold would of course be if you were able to execute the code on a machine where someone's logged in with Domain Admin credentials, or even worse, Enterprise Admin.
That's why some keep nagging to give users as little access as possible in order to do their job. The more they get, the bigger the risk becomes.
You may notice that I do not post code this time as I don't want to give anyone code that might be used for this. I'd like to use this to start a discussion from which we all can learn how to protect ourselves better.
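Editor's addition, not the poster's code and deliberately not the payload the post describes: the defensive counterpart of "enumerate every drive letter and run the nasty bit on each" is to measure, as the logged-in user, how many of those drives the user could actually write to. That number is the blast radius a PowerShell ransomware running under that token would have, and it is the concrete argument behind the least-privilege point above. The script enumerates FileSystem drives with Get-PSDrive, tries to create and remove one empty probe file per location, and reports the result; it needs no admin rights. The probe filename and the optional extra paths are assumptions of this example.

```powershell
# Added example (not from the original post): audit which locations the current
# user can write to. A ransomware payload running under this user's token would
# reach exactly these locations. Only an empty probe file is created and removed;
# nothing is read, renamed or encrypted.

function Test-WritableLocation {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Probe filename is an assumption; any unlikely-to-collide name works.
        [string]$ProbeName = ".write-probe-$([guid]::NewGuid().ToString('N')).tmp"
    )

    # Drives with no media (empty card readers, disconnected shares) fail here.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Writable = $false; Note = 'not reachable' }
    }

    $probe = Join-Path -Path $Path -ChildPath $ProbeName
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return [pscustomobject]@{ Path = $Path; Writable = $true; Note = '' }
    }
    catch [System.UnauthorizedAccessException] {
        return [pscustomobject]@{ Path = $Path; Writable = $false; Note = 'access denied' }
    }
    catch {
        # Read-only media, quota, path too long, etc.
        return [pscustomobject]@{ Path = $Path; Writable = $false; Note = $_.Exception.GetType().Name }
    }
}

function Get-WritableDriveExposure {
    [CmdletBinding()]
    param(
        # Caveat: a denied drive root does not make the drive safe. On a default
        # Windows install a standard user cannot create files in C:\ but can in
        # C:\Users\<name>, and most mapped shares grant write on subfolders rather
        # than the root. Pass the folders that matter here as well.
        [string[]]$ExtraPaths = @()
    )

    $roots = Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }
    foreach ($location in ($roots + $ExtraPaths | Select-Object -Unique)) {
        Test-WritableLocation -Path $location
    }
}

# Run as the user whose exposure you want to measure (no admin rights needed,
# which is exactly the point the post makes). The extra paths are examples.
$exposure = Get-WritableDriveExposure -ExtraPaths @(
    $env:USERPROFILE,
    (Join-Path $env:USERPROFILE 'Documents')
)
$exposure | Format-Table -AutoSize
$writable = @($exposure | Where-Object Writable).Count
"{0} of {1} probed locations are writable by {2}" -f $writable, @($exposure).Count, [Environment]::UserName
```

Run it once as a standard user and once as a member of Domain Admins on the same machine and compare the two counts; the difference is what an attacker gains from landing on a box where the admin is logged in, and the standard-user count is what a well-scoped account should be limited to.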