Monday, August 22, 2016

Latest Locky ransomware variant targets healthcare hard

A new strain of the Locky ransomware is hitting the healthcare industry, according to cyber security vendor FireEye Labs.


“From our trend observation and analysis, the latest Locky ransomware started being delivered through DOCM format email attachments more extensively beginning in the month of August,” FireEye said in a recent alert. “This marks a change from the huge campaigns we analyzed in the month of March, where a JavaScript-based downloader was basically being utilized to infect systems.”


The attacks are also heavily targeting the telecom, transportation, manufacturing, service provider and aerospace/defense sectors, but nowhere near the degree to which healthcare is being attacked and impacted.


Specifically, highly similar attacks against healthcare and other agencies were particularly pronounced on August 9, 11 and 15, according to FireEye.


Among the other traits of this form of attack, each email campaign has a particular “one-off” campaign code used to download the ransomware from a malicious server, and the malicious URL embedded in the macro code is encoded using the same encoding function but with a different key for each campaign, the vendor says.


 
