Although it’s targeting a number of global industries, U.S. healthcare has been the primary target of a recent Locky ransomware campaign that reached its peak in August. The movement and evolution of the virus has been tracked by FireEye Labs, a cybersecurity provider specializing in malware protection. The most recent Locky strike began sometime between August 9 and 15, with the largest spike in exploit attempts reached on August 11. This particular ransomware strain was first detected by security watchdogs in February, which began its life-cycle as a basic virus disguised as a Microsoft Word invoice in an email attachment.
Security vendors such as Kaspersky, McAfee, Trend Micro, Cisco, and Symantec have readied ransomware decryption tools to help the hospitals currently being targeted, but will they work on all ransomware strains? Reports have it that they can’t decrypt all strains, but they will be able to cover certain of the main exploits. For decryption to work, there have to be weaknesses in the ransomware strain, says CTO of Emsisoft Fabian Wosar. And those weaknesses depend on ransomware authors making a mistake in the scripting that presents a decryption vulnerability.
Locky – along with fellow ransomware menaces Cryptoblocker and Petra – have the right encryption algorithms that are currently keeping them from being cracked. Cameron Camp, a researcher at ESET, an IT security firm, echoes the notion amongst his colleagues that breaking encryption on these sophisticated exploits takes great effort, as well as patience. “Malicious code is a serious threat to virtual systems, and there are some non-obvious attack vectors in virtual systems,” says Camp. “It’s important to understand how to mount a strong defense against malware in the virtual world. Monitoring is the first step.”
Daniel Nigrin, MD, Boston Children’s Hospital CIO, says that the cybersecurity necessary to beat ransomware goes way beyond safeguarding data. Says Erik Devine, Chief Security Officer at Illinois health concern Riverside HealthCare, “Health systems have the money and they’re willing to pay it, especially if they are behind the times and do not have the technology to undo a ransomware attack. Ransomware attacks will continue to happen until the reward for the hacker is less than the risk and effort to do the attack. Ransomware attacks in healthcare will increase in the years to come.”
We shouldn’t let that be so grim a statement, though, as security specialists discern loopholes and learn from weaknesses in ransomware exploits that will help them counteract these malicious programs with anti-ransomware decryption that contains equally effective power.
Contact an IT Pro
If you have questions or concerns about ransomware protections, Cooper Technologies, Inc. is the leader in providing managed IT services and consulting in Sacramento. Contact our expert IT staff at (855) 303-5378 or send us an email at email@example.com if you have any questions or concerns regarding cybersecurity or ransomware, and we will be happy to answer any and all your questions.