Back in February we published a blog article regarding a highly malicious strain of the CryptoLocker ransomware called 'Locky'. Ransomware is a type of malicious software designed by cybercriminals to block access to a computer system until a sum of money is paid.
Currently there is a massive cybercriminal campaign spreading throughout the US targeting various industries, and the Healthcare industry appears to be high on the list of targets.
How does Locky get distributed?
The majority of attacks happen when people open an email with an infected Word document attached. This Word document contains a macro. Users will receive a warning asking if they would like to run this macro, and unfortunately most users click “yes.” Once the macro is run, it distributes Locky throughout their system, encrypting every file within a matter of minutes. This may also include files on any connected servers and workstations – which will be rendered useless unless the user pays the ransom.
Luckily, Hilltop clients who have taken our advice to let us install a robust backup and disaster recovery solution such as Datto can have their files restored to a state before the Locky infection took place, saving them thousands, or even millions, of dollars in lost time, work, and client credibility.
One important thing to remember is that ransomware attacks rely heavily on criminal social engineering tactics, meaning they need to be installed by an actual person. Educating users is your first line of defense. The second is to have a robust and comprehensive backup and disaster recovery solution like Datto.
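Because the delivery path described above depends on a Word attachment that carries a macro, attachments can be screened for macros before a user ever sees the prompt. The following Python is an added example, not part of the original article: the function name `macro_verdict` and the sample files are constructed for illustration, and the legacy `.doc` check is a byte-level heuristic (an assumption made here), not a full OLE parse.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files
# Legacy files keep VBA in a stream named _VBA_PROJECT; OLE directory
# entries store names as UTF-16LE, so search for that encoding.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

def macro_verdict(data: bytes) -> str:
    """Classify attachment bytes as 'macro', 'no-macro' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic only: no OLE directory parsing is done here.
        return "macro" if OLE_VBA_MARKER in data else "no-macro"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
        if "[content_types].xml" not in names:
            return "not-office"  # an ordinary zip, not an OOXML document
        # OOXML keeps VBA in vbaProject.bin whatever the file extension,
        # so a macro document renamed to .docx is still flagged.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro"
        return "no-macro"
    return "not-office"

def sample_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-style container in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

# Constructed stand-ins for legacy files: header plus padding, with or
# without the VBA stream name. They are not valid Word documents.
SAMPLE_OLE_MACRO = OLE2_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER
SAMPLE_OLE_PLAIN = OLE2_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    for label, blob in [("docx with macro", sample_ooxml(True)),
                        ("docx without macro", sample_ooxml(False)),
                        ("legacy doc with macro", SAMPLE_OLE_MACRO),
                        ("plain text", b"hello")]:
        print(f"{label}: {macro_verdict(blob)}")
```

A "macro" verdict is a reason to quarantine or strip the attachment, not proof that it is Locky; legitimate documents also contain macros.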