Locky Ramps Up Attack Methods via Facebook


Locky, the deadly ransomware that has been wreaking havoc on healthcare networks, has ramped up its methods of attack, making decryption even tougher.

A report in Healthcare IT News says there has been a drop in the frequency of ransomware attacks in recent months, owing to a rise in decryption tools for ransomware strains like Crysis, but Locky is slipping through the net.

Locky hackers manage this by using the AESIR file extension. This disguises the virus as an email from a legitimate company, with a subject line devised to encourage the reader to open the email and the attached zip file.

Specifically, hackers mask the virus as a complaint query from an Internet provider saying that the user's computer is generating spam.


This is not all. Locky attacks are now coming via Facebook Messenger. A recent report in CSO detailed exactly how the malware slips past the whitelisting mechanism on Facebook by imitating an image.

Locky is then spread with a Nemucod downloader, which arrives in Facebook Messenger as an .svg file.

There is still no method of decrypting Locky ransomware, and recovery is only possible via a viable backup.

Healthcare data breaches are potentially costly and, in a worst-case scenario, life-threatening. To mitigate the threat, organisations should:

  • Keep systems as up to date as possible;
  • Train users about risks;
  • Undertake routine security assessments to pinpoint vulnerabilities;
  • Keep up to speed on industry trends in cyber issues.


The rise in malware attacks is largely down to employees accidentally installing malicious software onto the company network. More worrying, this happens at a rate of once every four seconds, according to a recent Check Point report on security. IT security firms recommend proper training of staff to be vigilant about the ransomware threats that come via email.



Source: Healthcare IT News, HealthManagement.org

Image Credit: Avira Blog


Published on : Wed, 23 Nov 2016
