Major ransomware attack hits healthcare and other industries
Hackers launch 20 million attacks in the last 24 hours, data security organization warns.
A major ransomware attack is now underway against multiple industries, including healthcare, according to data security and disaster recovery vendor Barracuda Networks.
However, the extent of the attack in the healthcare sector is not yet clearly known.
“In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment, such as “Payment_201708-6165.7z,” according to Eugene Weiss, leader of the Barracuda Content Intelligence Team. The payment number varies with each attack.
The attack starts with a spoofed email address with the attachment name and number included in the subject line and body of the message. The attachment is a JavaScript file in a 7Zip archive, which Barracuda identifies as a “file-encryption/ransomware” type virus.
Also See: Keylogger virus nabs data from women’s health center
The scan report of a virus covers overall determinations such as Verdict: “Malicious” and Reason: “Malware trend detection.” File metadata follows and includes the extension, Mime type, size and specific cryptographic hash algorithms. Here is additional information:
Delivery: The attachment arrives in the inbox. It's best to stop this attack before it arrives at your network, which is possible with an email security service such as Barracuda Essentials for Email Security and Advanced Threat Detection.
Infection: With the spoofed source address, the attack relies on impersonation to gain the trust of the recipient. If the impersonation is successful, the recipient is likely to open the Payment file attachment. At this point, the embedded threat may be executed, which will begin the process of encryption.
Ransom: After the ransomware attack reaches a pre-determined threshold, it will present a document that demands payment for the decryption file. At this point, the victim might pay the ransom, recover from backup or search for a decryption key online from a resource like NoMoreRansom. Barracuda advises against making payment to ransomware criminals “because this doesn't guarantee the decryption of your files, and it encourages them to target you again in the future.”
However, the extent of the attack in the healthcare sector is not yet clearly known.
“In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment, such as “Payment_201708-6165.7z,” according to Eugene Weiss, leader of the Barracuda Content Intelligence Team. The payment number varies with each attack.
The attack starts with a spoofed email address with the attachment name and number included in the subject line and body of the message. The attachment is a JavaScript file in a 7Zip archive, which Barracuda identifies as a “file-encryption/ransomware” type virus.
Also See: Keylogger virus nabs data from women’s health center
The scan report of a virus covers overall determinations such as Verdict: “Malicious” and Reason: “Malware trend detection.” File metadata follows and includes the extension, Mime type, size and specific cryptographic hash algorithms. Here is additional information:
Delivery: The attachment arrives in the inbox. It's best to stop this attack before it arrives at your network, which is possible with an email security service such as Barracuda Essentials for Email Security and Advanced Threat Detection.
Infection: With the spoofed source address, the attack relies on impersonation to gain the trust of the recipient. If the impersonation is successful, the recipient is likely to open the Payment file attachment. At this point, the embedded threat may be executed, which will begin the process of encryption.
Ransom: After the ransomware attack reaches a pre-determined threshold, it will present a document that demands payment for the decryption file. At this point, the victim might pay the ransom, recover from backup or search for a decryption key online from a resource like NoMoreRansom. Barracuda advises against making payment to ransomware criminals “because this doesn't guarantee the decryption of your files, and it encourages them to target you again in the future.”
More for you
Loading data for hdm_tax_topic #care-team-experience...