Ransomware campaigns utilizing the potent Locky malware continue to target hospitals worldwide. According to the latest security reports, criminals are attempting to compromise medical institutions and the healthcare industry, mainly in the USA and Japan.
Locky is a potent weapon in the hands of cyber criminals
The popular ransomware still has no publicly available decryptor that its victims can use. Upon successful infiltration, the malware takes steps to safeguard itself from anti-malware and antivirus software. Once the user data has been encrypted by the malicious software, it can no longer be recovered using standard methods. A lot of institutions have already fallen victim to Locky attacks, and thus the malicious users have gained large amounts of money.
The success of those campaigns has led to the latest massive attack campaigns using the ransomware. This month, security researchers have noticed a substantial peak of Locky activity using spam email messages that contain attachments or browser links with the malware.
The latest findings indicate that the criminal users employ novel attack methods. The email campaign that is happening right now uses unique codes embedded in each message. Upon user interaction, these codes trigger the download of the malware from the remote command and control (C&C) server and its execution.
A new version of Locky has been documented that uses PGP encryption to set up secure streams to the cyber criminals for Locky's web traffic. This ransomware has grown to be the top security threat among all malicious emails sent to potential victims.
Cyber security experts expect the number of victim hospitals and other institutions to rise as the malicious users continue to develop techniques custom-made for such targets. Recently, Banner Health fell victim to a criminal attack – one of the biggest security breaches reported in the last few years.