The healthcare sectors in the United States, Japan, Korea and Thailand have been hit hard by a massive Locky ransomware campaign spotted this month.
The researchers at FireEye said that the attackers used .DOCM attachments, which are macro-enabled Office 2007 Word documents.
According to researcher Ronghwa Chong, macro-based Locky ransomware is a new tactic for cybercriminals; it is distributed via spam campaigns with the payload delivered via JavaScript attachments.
“These detection spikes and change in tactics suggest that the cybercriminals are investing more to infect systems and maximize their profits,” Chong wrote. “Additionally, we have observed that the delivery of Dridex via this distribution channel seems to have stopped, or nearly so, which could explain why we are seeing the Locky uptick.”
Just this June, researchers found a new version of the Locky ransomware being distributed via a resurgence of the Necurs botnet.
“Each email campaign has a specific ‘one-off’ campaign code that is used to download the Locky ransomware payload from the malicious malware server,” Chong noted.
Healthcare is not the only sector affected by Locky; the telecom, transportation and manufacturing industries are also affected.