The undefeated Locky ransomware is being targeted at hospitals, again


August 18, 2016

According to FireEye researcher Ronghwa Chong, the very nasty and still undefeated Locky ransomware is being targeted at large hospitals again, this time across the United States and Japan in a massive number of attacks in the last few weeks.

Locky is a popular ransomware variant that will encrypt files in a manner that forces users to pay ransoms or cut their losses and purge the affected data.

In August alone, the already hard-hit health sector is coping with a huge number of phishing attacks bearing the Locky ransomware.

"Throughout the month of August, FireEye Labs has observed massive email campaigns distributing Locky ransomware," Chong asserted.

"The various campaigns have affected a number of industries, with the healthcare industry being hit the hardest based on our research," added Chong.

"The volume of Locky ransomware downloaders is increasing and the tools and techniques being used in campaigns are constantly changing."

Chong added that the campaigns behind the surge appear to have swapped a few payloads, replacing the Dridex trojan with Locky.

FireEye figures show that malware creators have shifted away from Java to DOCM-format attachments to bundle up Locky, with a huge burst on August 9 and 11, and a smaller but still large round of phishing on August 15.

Overall, each email has a unique campaign code used to download Locky from a command and control server to various victim machines, Chong asserted.

"These latest malware campaigns are a reminder that users must be cautious when it comes to opening attachments in emails or they run the risk of becoming infected and possibly disrupting business operations."
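Since these campaigns arrive as DOCM attachments, a mail gateway can hold macro-bearing documents before a user ever opens them. The sketch below is an added example, not code from FireEye or this site. It flags attachments by content (an OOXML ZIP containing a `vbaProject.bin` part) as well as by extension, so a macro document renamed to `.docx` is still caught. The function names are hypothetical, and the sample message is constructed from harmless placeholder ZIPs.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage


def has_vba_project(data):
    """True if data is a ZIP (OOXML) container holding a vbaProject.bin part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())


def flag_attachments(raw_message):
    """Return [(filename, reason)] for attachments a gateway should hold."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if has_vba_project(payload):
            # Content check catches a macro document renamed to .docx
            findings.append((name, "contains VBA macro project"))
        elif name.lower().endswith(".docm"):
            findings.append((name, "macro-enabled extension"))
    return findings


def build_sample():
    """Constructed message: harmless ZIPs that only mimic the OOXML layout."""
    def fake_doc(parts):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for p in parts:
                zf.writestr(p, b"placeholder")
        return buf.getvalue()

    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    macro = ["word/document.xml", "word/vbaProject.bin"]
    for fname, parts in [("scan.docm", macro), ("renamed.docx", macro),
                         ("clean.docx", ["word/document.xml"])]:
        msg.add_attachment(fake_doc(parts), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `flag_attachments(build_sample())` holds `scan.docm` and `renamed.docx` and lets `clean.docx` through.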

In July, Locky claimed top spot for email-based malware in Q2, overtaking Dridex. Security firm Proofpoint warns that 69.2 percent of all email attacks that used malicious document attachments featured Locky ransomware in the second quarter, versus 24 percent in the first.

That followed a few upgrades in Locky to allow it to use Pretty Good Privacy (PGP) encryption to stop white hats peering into the communications traffic between victims and the bad guys.

To be sure, Locky isn't just a tool used by blackhats alone. Security chap Ivan Kwiatkowski used it to infect the computer of an Indian tech support scammer after the scammer tried to attack Kwiatkowski's parents' PC.

Source: FireEye.

Copyright © Internet Security.ca