Locky Ransomware Campaign Hits U.S. Hospitals with a Vengeance


Although it targets a number of global industries, a recent Locky ransomware campaign that reached its peak in August has made U.S. healthcare its primary target. FireEye Labs, a cybersecurity provider specializing in malware protection, has tracked the movement and evolution of the virus. The most recent Locky strike began sometime between August 9 and 15, with the largest spike in exploit attempts on August 11. Security watchdogs first detected this ransomware strain in February, when it began its life cycle as a basic virus disguised as a Microsoft Word invoice in an email attachment.


This latest blitzkrieg by Locky, however, uses DOCM files, the macro-enabled document format in MS Word, to deliver the ransomware goods to the recipient. FireEye Labs’ report on the “new and improved” Locky shows that this is a radical change from the March Locky campaigns, where JavaScript was used as a downloader. The Locky programmers also snuck in a devious message saying that an associate had asked for financial files to be forwarded, causing many to fall for the ruse.
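Because the delivery described above relies on macro-enabled Word attachments, a mail filter can inspect each attachment's container instead of trusting its file extension. The following is an added example, not code from FireEye or from this article; the function names and the sample message are constructed, and it assumes OOXML (zip-based) documents only, not legacy .doc files.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_MARKERS = (b"macroEnabled", b"vbaProject")  # OOXML content-type substrings

def is_macro_enabled_ooxml(data: bytes) -> bool:
    """True if data is an OOXML (zip) container that carries a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return True
        if "[Content_Types].xml" in names:
            types = z.read("[Content_Types].xml")
            return any(m in types for m in MACRO_MARKERS)
    return False

def macro_attachments(raw_eml: bytes) -> list:
    """Return filenames of macro-enabled attachments, whatever their extension."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if is_macro_enabled_ooxml(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged

def _ooxml(with_macro: bool) -> bytes:
    """Constructed minimal container; the VBA part is placeholder bytes, not a macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

def build_sample_eml() -> bytes:
    """Constructed message: a clean .docx and a macro document renamed to .docx."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for name, macro in (("report.docx", False), ("invoice.docx", True)):
        m.add_attachment(_ooxml(macro), maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample_eml()))
```

A gateway would typically quarantine or strip flagged attachments rather than rely on recipients to decline the "enable macros" prompt.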

Security Questions

Security vendors such as Kaspersky, McAfee, Trend Micro, Cisco, and Symantec have readied ransomware decryption tools to help the hospitals currently being targeted, but will they work on all ransomware strains? Reports have it that they can’t decrypt all strains, but they will be able to cover some of the main exploits. For decryption to work, there have to be weaknesses in the ransomware strain, says Fabian Wosar, CTO of Emsisoft. And those weaknesses depend on ransomware authors making a mistake in the scripting that presents a decryption vulnerability.

Locky, along with fellow ransomware menaces Cryptoblocker and Petra, uses encryption algorithms that are currently keeping it from being cracked. Cameron Camp, a researcher at ESET, an IT security firm, echoes the notion amongst his colleagues that breaking encryption on these sophisticated exploits takes great effort, as well as patience. “Malicious code is a serious threat to virtual systems, and there are some non-obvious attack vectors in virtual systems,” says Camp. “It’s important to understand how to mount a strong defense against malware in the virtual world. Monitoring is the first step.”

Expert Opinions

Daniel Nigrin, MD, Boston Children’s Hospital CIO, says that the cybersecurity necessary to beat ransomware goes way beyond safeguarding data. Says Erik Devine, Chief Security Officer at Illinois health concern Riverside HealthCare, “Health systems have the money and they’re willing to pay it, especially if they are behind the times and do not have the technology to undo a ransomware attack. Ransomware attacks will continue to happen until the reward for the hacker is less than the risk and effort to do the attack. Ransomware attacks in healthcare will increase in the years to come.”

That need not be so grim a statement, though: security specialists are finding loopholes and learning from weaknesses in ransomware exploits, which will help them counteract these malicious programs with equally effective anti-ransomware decryption.

Contact an IT Pro

If you have questions or concerns about ransomware protections, Globalquest is the leader in providing managed IT services and consulting in {city}. Contact our expert IT staff at 716-601-3524 or send us an email at info@globalquestinc.com if you have any questions or concerns regarding cybersecurity or ransomware, and we will be happy to answer any and all your questions.
