Fileless ransomware is a type of fileless malware that does not require the creation of any files on the victim's system, making it much harder to detect. Instead, it uses system processes, memory, and legitimate software applications to encrypt or delete data, or block access to the system. Fileless ransomware may be spread via email phishing campaigns and browser exploits,^[0] and utilizes malicious code injection to launch malicious payloads. By using existing system resources and processes such as lolbins,^[1] lolscripts, and lollibs, the malicious attackers are able to remain undetected while encrypting data or blocking access to the system. Although the fileless ransomware itself exists in memory, it will interact with system or user files to encrypt data.

Fileless Ransomware Examples

• SOREBRECT Ransomware: The SOREBRECT ransomware begins with a hacker connecting to the victim computer by means of the legitimate PsExec lolbin,^[1] which may have compromised administrator PowerShell credentials through a number of means. The SOREBRECT Fileless Ransomware then injects its own code into the Svchost.exe lolbin,^[2] which then encrypts files.

See also:

• Lollib
• Lolbin
• Lolscript
• Fileless Malware
• Living off the Land Attack
• Ransomware
• Crypto Ransomware
• Locker Ransomware
• Scareware

---

Share this article