Industry Updates

Ransomware Heavily Targeting Health Care Companies

rsz_1ransomeware_heavilyYou’ve probably seen the headlines. This year, hardly a week goes by that there isn’t a report of a company in some way connected to the health care industry falling victim to ransomware. If you think it feels like they’re being specifically targeted, you’re not imagining things.

According to the latest research by FireEye, hackers are specifically targeting health care companies, and they’re going after them with ransomware. The reason? Most health care providers deal in time critical information in a way that many other industries do not. The thinking is that these companies will pay the ransom more readily to get their files back, than to go through the often onerous process of restoring files from backup.

So far at least, it appears that the hackers are right.

There’s more. FireEye has also determined that phishing emails are the weapon of choice where hackers are concerned. They’ll send out a barrage of emails, hoping that some unsuspecting user will click on the link embedded in the message, and that’s all it takes.

On a more technical note, FireEye also discovered that hackers are migrating away from the JavaScript form of their favorite ransomware, Locky. Instead, they’re increasingly using Microsoft Word .docm files attached to email messages. These are functionally similar to .docx Word files, but they can be used to execute macros. In this case, the macro executed is the kiss of death, at least where files on the target computer are concerned.

Put this information to use no matter what industry you’re in, and especially if you’re in any way involved with health care. Be sure that your employees understand the risks involved in even opening a message from an unknown, untrusted source, much less clicking on a link or opening a file it might contain. All it takes is one user, and one careless moment.