Ransomware Research
PowerWare Ransomware
PowerWare is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on March 1, 2016, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family: PowerWare
- First Seen: March 1, 2016
How PowerWare Ransomware Works
Targeted Files
- http://sketchymoose.blogspot.com/2016/03/looking-at-cryptowall-drop.html
- https://www.hybrid-analysis.com/sample/69ee6349739643538dd7eb60e92368f209e12a366f00a7b80000ba02307c9bdf?environmentId=1
Requires C&C to download the PowerShell payload, which is then run with:
poWerShEll.exe -WindowStyle hiddeN -ExecutionPolicy Bypass -noprofile -file %TEMP%\Y.ps1
Ransom Note and Payment Demands
After encrypting files, PowerWare displays ransom notes demanding payment for file recovery:
FILES_ENCRYPTED-READ_ME.HTML
Ransom message: notes/FILES_ENCRYPTED-READ_ME.HTML
Note locations: EveryFolder
Technical Indicators
Associated Executable Files
The following executable files are associated with PowerWare ransomware:
97e1ba016a575422d322238742630c19ca4d97c5125078b67e88f9527823b6f4 Invoice 2016-M#72838.doc
ad857cebfa157b1deda10a2dcae95d5b4d70edfe4635f79aa22558c29d788683 Invoice 2016-M#72838.doc
Invoice 2016-M#72838.doc
Invoice.doc
Invoice 2016-M
PowerWare.doc.bin
Invoice_2016-M#72838.doc
Faktura 2016-M
crap.doc
About This Analysis
This PowerWare ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like PowerWare.
Last updated: July 30, 2025