A new strain of the Locky ransomware is targeting the healthcare industry, according to cyber security vendor FireEye Labs.

“From our trend analysis, Locky ransomware started being delivered via DOCM format email attachments more extensively beginning in August,” FireEye explained in a recent alert. “This marks a change from the large campaigns we observed in March, where a JavaScript-based downloader was generally being used to infect systems.”

The attacks are also hitting the telecom, transportation, manufacturing, service provider and aerospace/defense sectors severely, though nowhere near the degree to which healthcare is being attacked.

In particular, highly similar attacks against healthcare and other industries were especially pronounced on August 9, 11 and 15, according to FireEye.

Among other traits of this style of attack, each email campaign has a specific “one-off” campaign code used to download the ransomware from a malicious server. The malicious URL embedded in the macro code is encoded using the same encoding function but with a different key for each campaign, the vendor says. An accompanying report, available here, shows the network patterns of the August attacks.
