What is Fileless Ransomware | Definition and Meaning

Last modified on Sunday, October 8, 2023

Defining "Fileless Ransomware"

Fileless ransomware is a type of fileless malware that does not require the creation of any files on the victim's system, making it much harder to detect. Instead, it uses system processes, memory, and legitimate software applications to encrypt or delete data, or to block access to the system. Fileless ransomware may be spread via email phishing campaigns and browser exploits, and uses code injection to launch its payloads. By relying on existing system resources and processes such as lolbins, lolscripts, and lollibs, attackers are able to remain undetected while encrypting data or blocking access to the system. Although the fileless ransomware itself exists in memory, it still interacts with system or user files in order to encrypt data.

Fileless Ransomware Examples

  • SOREBRECT Ransomware: The SOREBRECT ransomware begins with an attacker, who may have compromised administrator PowerShell credentials through a number of means, connecting to the victim computer by means of the legitimate PsExec lolbin. The SOREBRECT fileless ransomware then injects its own code into the svchost.exe lolbin, which then encrypts files.
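
Because the chain described above (PsExec connection, code injection into svchost.exe, file encryption) leaves no ransomware binary on disk, detection has to correlate behaviour instead. The following is an added example, not code from this page or from any vendor: it correlates constructed events using the standard Windows/Sysmon event IDs 7045 (service installed), 8 (CreateRemoteThread) and 11 (FileCreate). The simplified field names, the time window and the file threshold are assumptions.

```python
from collections import defaultdict

WINDOW = 300        # seconds allowed between stages (assumed tuning value)
FILE_THRESHOLD = 5  # file writes by one svchost PID treated as "mass" (assumed)
SVCHOST = r"C:\Windows\System32\svchost.exe"

def _ev(host, t, eid, **fields):
    """Build one simplified event record (field names are assumptions)."""
    return dict(host=host, t=t, id=eid, **fields)

# Constructed sample events, not real telemetry.
SAMPLE = (
    [_ev("ws01", 100, 7045, service="PSEXESVC"),             # PsExec service installed
     _ev("ws01", 130, 8, target=SVCHOST, target_pid=912)]    # remote thread into svchost
    + [_ev("ws01", 140 + i, 11, image=SVCHOST, pid=912,
           path=rf"C:\Users\a\doc{i}.docx") for i in range(6)]
    + [_ev("ws02", 100, 7045, service="PSEXESVC")]           # admin PsExec, no follow-on
    + [_ev("ws03", 50, 11, image=SVCHOST, pid=700,
           path=r"C:\Windows\Temp\x.tmp")]                   # ordinary svchost file write
)

def detect(events, window=WINDOW, file_threshold=FILE_THRESHOLD):
    """Return (host, pid, n_files) for each svchost PID showing the full chain."""
    psexec_at = {}             # host -> time of latest PSEXESVC install
    injected = {}              # (host, pid) -> time of remote thread into svchost
    writes = defaultdict(int)  # (host, pid) -> file writes seen after injection
    for e in sorted(events, key=lambda e: e["t"]):
        host = e["host"]
        if e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC":
            psexec_at[host] = e["t"]
        elif e["id"] == 8 and e.get("target", "").lower().endswith(r"\svchost.exe"):
            start = psexec_at.get(host)
            if start is not None and e["t"] - start <= window:
                injected[(host, e["target_pid"])] = e["t"]
        elif e["id"] == 11:
            key = (host, e.get("pid"))
            if key in injected and e["t"] - injected[key] <= window:
                writes[key] += 1
    return [(h, p, n) for (h, p), n in sorted(writes.items()) if n >= file_threshold]

if __name__ == "__main__":
    for host, pid, n in detect(SAMPLE):
        print(f"ALERT {host}: svchost.exe pid {pid} wrote {n} files after PsExec + injection")
```

Requiring all three stages keeps routine administrative PsExec use (ws02) and normal svchost.exe file activity (ws03) from raising an alert on their own.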

Stellastra The Cyber Security Comparison Platform

© 2023 Stellastra Ltd. All rights reserved. All names, logos, trademarks, etc belong to their respective owners. No endorsement or partnership is necessarily implied between company and Stellastra and vice versa. Information is provided for convenience only and may not always be accurate. For the most up to date information, contact vendor directly. Scores including email security, SPF, and DMARC are calculated based on certain metrics and other analyses may return different results.
