Hospitals More at Risk Than Ever With the New Locky Ransomware Wave

A huge increase in the number of ransomware attacks against US-based hospitals was detected by the security team at FireEye.

The infamous Locky Ransomware, delivered by powerful cybercriminal distribution campaigns, is targeting American hospitals, using a new infection tactic. During the first half of August, FireEye security experts observed a step-up in the attempts of dropping the Locky threat with 50% of the targets being healthcare institutions.

Cyber crooks are seeing hospitals as a low hanging fruit and their main target not only because IT plays an important role in the healthcare sector, but also because of the extremely valuable information they hold.

The best example to give here is the Los Angeles hospital which, earlier this year, was forced to pay the Locky authors $17,000 worth of Bitcoin to regain control over their network.

Then, Locky was still being delivered via a malicious JavaScript file, which targets received via email messages. However, Locky developers seem to have abandoned this tactic and, currently, they are relying on macro scripts attached to Microsoft office files with “DOCM” extension.

Between August 9th and 15th, numerous phishing emails were detected trying to drop the malicious Locky payload. The spike in attempts was exceptionally large on 11th August. Some of the times a message stating that someone else had asked finance files to be forwarded on was accompanying the phony emails.

This particular Locky wave was mostly hitting Japan, the US and South Korea but, in general, it was globally oriented.

The security team at FireEye warns that crooks are non-stop changing their techniques and tools and the number of Locky ransomware downloaders is rapidly increasing. All users are advised to remain on the alert to protect themselves from the vicious threat.

“These latest campaigns are a reminder that users must be cautious when it comes to opening attachments in emails or they run the risk of becoming infected and possibly disrupting business operations.” – said the FireEye researcher, Ronghwa Chong.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.