AUG 23, 2016
A recent new strain of the Locky ransomware is targeting the healthcare industry, according to cyber security vendor FireEye Labs.
The attacks also are hitting the telecom, transportation, manufacturing, service provider and aerospace/defense sectors severely, but nowhere near the degree that healthcare is being attacked.
In particular, attacks against healthcare and other industries, with high similarity, were especially pronounced on August 9, 11 and 15, according to FireEye.
Among other traits in this style of attack, each email campaign has a specific “one-off” campaign code used to download the ransomware from a malicious server, and the malicious URL embedded with macro code is encoded using the same encoding function but with a different key for each campaign, the vendor says. An accompanying report, available here, shows the network patterns of the August attacks.