A major ransomware attack is now underway against multiple industries, including healthcare, according to data security and disaster recovery vendor Barracuda Networks.

However, the extent of the attack in the healthcare sector is not yet clearly known.

“In the last 24 hours, the Barracuda advanced security team has observed about 20 million attempts at a ransomware attack through an email attachment, such as ‘Payment_201708-6165.7z,’” according to Eugene Weiss, leader of the Barracuda Content Intelligence Team. The payment number varies with each attack.

The attack starts with an email from a spoofed address, with the attachment name and number included in the subject line and body of the message. The attachment is a JavaScript file in a 7-Zip archive, which Barracuda identifies as a “file-encryption/ransomware” type virus.
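The traits described above can be checked at a mail gateway before delivery. The following is an added example, not Barracuda's detection logic: the filename pattern is an assumption generalised from the single name quoted in the article, and the sample message is constructed in memory.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SEVENZIP_MAGIC = bytes.fromhex("377abcaf271c")  # 7z file signature
# Assumed pattern, generalised from the single filename quoted in the article.
NAME_RE = re.compile(r"^Payment_\d{6}-\d+\.7z$", re.IGNORECASE)


def campaign_traits(raw: bytes) -> set[str]:
    """Return which traits of the described campaign one raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    traits = set()
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the extension or declared MIME type.
        if data.startswith(SEVENZIP_MAGIC):
            traits.add("7z-archive")
        if NAME_RE.match(name):
            traits.add("payment-filename")
        stem = name.rsplit(".", 1)[0]
        if len(stem) >= 8 and stem in subject and stem in body:
            traits.add("name-in-subject-and-body")
    return traits


def build_message(subject: str, body: str, name: str, payload: bytes) -> bytes:
    """Construct a sample message in memory (test data, not a real capture)."""
    m = EmailMessage()
    m["From"] = "accounts@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    stem = "Payment_201708-6165"
    # Constructed payload: only the 7z signature plus padding, not an archive.
    lure = build_message(stem, f"Please see {stem}.", stem + ".7z",
                         SEVENZIP_MAGIC + bytes(26))
    print(sorted(campaign_traits(lure)))
```

A message showing all three traits is a candidate for quarantine; any single trait on its own, such as a 7z attachment, is common in legitimate mail.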


The scan report for the virus gives overall determinations such as Verdict: “Malicious” and Reason: “Malware trend detection.” File metadata follows and includes the extension, MIME type, size and specific cryptographic hash algorithms. Here is additional information:

Delivery: The attachment arrives in the inbox. It's best to stop this attack before it arrives at your network, which is possible with an email security service such as Barracuda Essentials for Email Security and Advanced Threat Detection.

Infection: With the spoofed source address, the attack relies on impersonation to gain the trust of the recipient. If the impersonation is successful, the recipient is likely to open the Payment file attachment. At this point, the embedded threat may be executed, which will begin the process of encryption.

Ransom: After the ransomware attack reaches a pre-determined threshold, it will present a document that demands payment for the decryption file. At this point, the victim might pay the ransom, recover from backup or search for a decryption key online from a resource like NoMoreRansom. Barracuda advises against making payment to ransomware criminals “because this doesn't guarantee the decryption of your files, and it encourages them to target you again in the future.”
