The prolific Locky ransomware has set its sights on several industries, primarily the healthcare sector. A "massive" campaign spotted by security researchers in August was found to be delivering Locky via phishing emails. The top three nations targeted by the ransomware were the US, Japan and South Korea. Hospitals in these three countries were hit especially hard by the ransomware campaign.
Locky is a popular ransomware strain among cybercriminals. After infecting a victim's system, it encrypts their files and prompts the victim to pay a ransom to get their data back. In March, security researchers noted a substantial spike in Locky's activities. Locky gained notoriety after the high-profile attack on the Hollywood Presbyterian Medical Centre, which saw the hackers behind the ransomware making away with $17,000 in Bitcoins as ransom.
FireEye noted that each of the email campaigns came with a "specific 'one-off' campaign code that is used to download the Locky ransomware payload from the malicious malware server". The ransomware also affected the manufacturing, telecom and transportation industries, among others. Countries including Germany, Hong Kong, Saudi Arabia, Australia, Canada and the UK were also targeted by the Locky campaign. It is still unclear how many were affected by the Locky campaign.
"The volume of Locky ransomware downloaders is increasing and the tools and techniques being used in campaigns are constantly changing. On top of that, cybercrime trends have shown that attackers are distributing more ransomware these days than banking trojans, as the former appears to be more lucrative. These latest campaigns are a reminder that users must be cautious when it comes to opening attachments in emails or they run the risk of becoming infected and possibly disrupting business operations," Chong said.