Healthcare organizations, fire departments, and financial institutions remain primary targets of ransomware authors. This is not surprising: these are the institutions we rely on the most, and they cannot survive without the data stored in their databases. Recently, cyber security experts noticed a new wave of one of the most fearsome crypto-malware Trojans, better known as the Locky ransomware virus. This malicious program has been observed attacking hospitals as primary targets. According to analysis, the most severely affected countries are the United States, Japan, and the Republic of Korea. One of the most notorious ransomware attacks hit a Los Angeles hospital in February 2016. The Hollywood Presbyterian Medical Center was forced to pay 17,000 USD to retrieve its encrypted files.
Interestingly, Locky has changed its tactics again and now uses an old trick to infect computer networks. People who have followed the news about this virus know that it used to be distributed in the form of a malicious JavaScript file. The cybercriminals have now changed their distribution technique once again and spread the virus via email, sending malicious DOCM files to victims. It seems that they found the JavaScript-based approach not efficient enough and switched back to the initial Locky distribution technique. Spreading the virus in DOCM files allows it to bypass Microsoft’s security measures and infect the user’s computer as soon as the victim enables the macros feature.
It is very easy to deceive victims by sending them such a file, especially because the attackers tend to present these files as invoices, reports, resumes, or other important documents that the victim “has to open and read immediately.” All computer users must be extremely cautious when going through the messages in their email inboxes. Sometimes such malicious emails manage to pass email security filters and appear in the inbox folder, and employees of large organizations can easily be tricked into opening such “documents.” PC users are advised to stay away from suspicious emails sent by unknown people or organizations and to prevent macros from running in Microsoft Office. You can also find more useful information on how to protect yourself from the Locky virus in this post.