Recently, ransomware campaigns have been increasingly attacking the healthcare industry. It is currently unknown whether these attacks are specifically targeted or whether the victims are targets of opportunity.


Locky is a very recent ransomware variant.

Locky encrypts your data using AES and demands bitcoins to decrypt your files. The ransomware sounds like one named by my kids, yet there is nothing childish about it. It targets a range of file extensions and, even more importantly, encrypts data on unmapped network shares. Encrypting data on unmapped network shares is trivial to code, and given that we saw this feature in the recent DMA Locker and now see it in Locky, it is safe to say that it is going to become the norm. Like CryptoWall, Locky also completely changes the filenames of encrypted files to make it more difficult to restore the right data. At the moment, there is no known way to decrypt files encrypted by Locky.


Locky is distributed via emails containing Word document attachments with malicious macros. The email message will contain a subject similar to "ATTN: Invoice J-98223146" and a message such as "Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice".
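A mail-gateway triage check for the lure described above, as an added example that is not part of the original post. The subject regex generalises the single subject line quoted here, the macro test is a standard-library heuristic (the `_VBA_PROJECT` storage name in a legacy `.doc`, `vbaProject.bin` in an OOXML file), and the function names, addresses and sample message are constructed for illustration.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Assumption: generalises the one subject quoted in the post ("ATTN: Invoice J-98223146").
SUBJECT_RE = re.compile(r"^\s*ATTN:\s*Invoice\s+J-\d+", re.IGNORECASE)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")      # OLE2 compound file header
VBA_DIR_NAME = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE

def has_vba_macros(data: bytes) -> bool:
    """Heuristic macro check for Word files using only the standard library."""
    if data.startswith(OLE_MAGIC):                 # legacy .doc
        return VBA_DIR_NAME in data
    if data.startswith(b"PK"):                     # OOXML .docm/.docx (ZIP container)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False                           # truncated or malformed archive
    return False

def triage(raw: bytes) -> dict:
    """Report which traits of the lure a raw RFC 5322 message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    macro_files = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if has_vba_macros(part.get_payload(decode=True) or b"")
    ]
    subject_hit = bool(SUBJECT_RE.search(msg.get("Subject", "")))
    # Quarantine only when both traits coincide; each alone is common in benign mail.
    return {"subject_hit": subject_hit, "macro_attachments": macro_files,
            "quarantine": subject_hit and bool(macro_files)}

def build_sample(subject: str, with_macro: bool) -> bytes:
    """Constructed sample: a stub OLE header, not a real document or macro."""
    body = OLE_MAGIC + b"\x00" * 64 + (VBA_DIR_NAME if with_macro else b"")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "billing@example.com", "ap@example.org"
    m.set_content("Please see the attached invoice (Microsoft Word Document).")
    m.add_attachment(body, maintype="application", subtype="msword",
                     filename="invoice.doc")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("ATTN: Invoice J-98223146", with_macro=True)))
```

Because the subject wording is only "similar to" the quoted one, the macro-attachment signal is the more durable of the two; the subject match mainly raises confidence.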


