It's not just WannaCry: Locky is targeting hospitals on outdated Windows platforms

It appears the hackers rushed the latest round of the notorious ransomware, since the campaign is currently only able to lock down XP, VistA and other older operating systems.
By Jessica Davis
01:57 PM
WannaCry ransomware Locky

One of the most notorious and seemingly indestructible ransomware variants is back. And as its hackers rushed the latest campaign, Locky is only zeroing in on outdated Windows systems.

Talos, Cisco’s cyber threat intelligence arm, was one of the security teams who discovered the reemergence of Locky.

The group responsible, Necurs, launched the favorable Jaff this year in lieu of Locky. However, Kaspersky Labs discovered a flaw in Jaff that allowed the team to create a decryptor, which shut down Jaff operations.

[Also: You were warned: Ransomware experts saw this coming]

The researchers presume this is why Necurs reintroduced their most successful virus.

The latest round of Locky is still being distributed via email with two zip attachments that contain the virus in .exe format. It’s not unlike those in the past: the emails contain order confirmations, payment receipts and other business needs. The goal is to use social engineering to dupe its victims.

Further, the latest Locky campaign accounted for 7.2 percent of email volume on just one of the security firm’s systems in the first hour of its launch. It appears the hackers have since slowed the campaign, but Necurs still continues to send the virus in smaller quantities.

[Also: Expert tips on bracing for future WannaCry attacks]

Talos realized the virus was ineffectual on its systems, as the company is running on the latest operating platforms. But there are many hospitals in the U.S. that run on outdated systems. And as Locky has launched numerous hospital-specific campaigns in the past, it’s important to fix security issues now. 

Further, as the hackers are likely aware of the flaws and have slowed its current campaign, the latest Locky campaigns are only going to increase in frequency -- and skill.

[Also: Calm before the storm? Ransomware, botnet attacks predicted to surge]

“It's always risky clicking on links or opening attachments in strange email messages,” wrote Talos researchers. “Users that fail to heed this advice can easily become ransomware victims, and if the subsequent ransom is paid, the monies will no doubt fund another round of attacks.”

“As always, organizations are encouraged to make regular backups of their data, practice restoring said data, and store your backups offline far out of the reach of potential criminals,” they added.

Twitter: @JessieFDavis
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn