On numerous occasions we have warned about the threat of the Locky strain of ransomware, particularly in the healthcare industry. Now researchers at say FireEye that so far this month there have been some massive email campaigns spreading the malware.
It would appear that based on the findings, the healthcare industry is once again the main target, but it seems that some of the techniques have changed. The hackers responsible are beginning to use DOCM formatted attachments. Additionally, each one has unique code with instructions to download Locky from a C&C server. This isn’t surprising considering 69% of attacks in quarter two of this year involving a malicious document ended up in a Locky infection. That’s an increase over the 24% in quarter one.
FireEye’s interest may have to do with them being a company that specializes in large scale breaches, like those committed by hackers working on behalf of nation-states. These sort of large scale hacks are on the decline, and the hackers behind them are now turning to things like ransomware as a low risk, high reward means of making up for lost revenue. Consequently, companies like Firefly are beginning to realize that most business don’t have to worry so much about advanced persistent threats as they do about ransomware.
The best way to prepare for a ransomware attack is to develop robust backup and data recovery policies with those backups being stored offline, especially in the health and finance industries. Secondly, businesses and organizations need to train their employees to be able to recognize social engineering attacks and phishing emails. It’s also a good idea for everyone to be running the latest version of their operating system and that their anti-malware software is up to date. Finally, every organization should have their email gateways scan and block any malicious code it comes across.
In order to better protect yourself from being taken advantage of by ransomware, download the free Ransom Protection Checklist. If you find that you might be at risk, schedule a free 10 minute Ransomware Safety Review.