The month of August has seen a surge in cyberattacks on healthcare IT networks in the US using the Locky ransomware, a more highly evolved and effective version of the CryptXXX family of ransomware.
Locky is so named because it locks down files and demands payment to free them. It is distributed through social engineering methods: infected files within emails encrypt files on a PC and also infect attached storage devices. It can also steal cryptocurrency wallet funds on the system and send sensitive data to the attackers.
In August, security researchers at FireEye observed a spike in attempts to deliver Locky, with hospitals receiving over half the infected traffic. It’s thought that hospitals are appealing to cybercriminals because healthcare IT networks are crucial to operations. And it’s a proven moneymaker. In February, a hospital in Los Angeles paid nearly $17,000 in Bitcoin to restore its network. The hospital acknowledged that paying the ransom was the quickest and most efficient way to restore its systems.
For many industries, including healthcare IT, cyberattacks aren’t a matter of if, but when. Locky ransomware attacks might be avoided through better user education and vigilance, but other attacks on the network might require quick restoration or diversion around infected parts of the network.