According to researchers, a new variant of ransomware has stepped onto the scene, choosing the healthcare industry as its target. Researchers from the security firm Forcepoint have discovered the ransomware, which has been name Philadelphia. An article over on Healthcare IT News explores how the newly discovered virus works.
Philadelphia can be purchased by amateur cybercriminals and is believed to be spread by spear-phishing emails. Traditionally we see phishing emails containing attached files, however Philadelphia works a bit differently, luring users in by providing links to click on in the email body.
The virus is similar to a previous virus, Stampado. Fortunately, Stampado was unsophisticated, resulting in its early demise as researchers quickly discovered how to decrypt it.
Looking at Philadelphia, If the targeted individual falls for the scam by clicking the link provided, a malicious Microsoft Word file is downloaded onto the users’ system. The Microsoft Word file is customized with the healthcare organization’s logo and a medical practitioners’ signature from within that organization to make the file even more convincing.
Once executed, the virus sends the type of the operating system, username, country and system language of the victim to its command and control server bridge. Command and control replies with a generated victim ID, Bitcoin wallet ID and the ransomware demand in Bitcoin.”
Philadelphia has already been used to infect a hospital in Oregon and Washington, and research shows more attacks will likely follow.
An analysis of the variant found the term ‘hospitalspam’ in the directory path, indicating it’s not an isolated case — but part of an ongoing hospital spear-phishing campaign that began in March.”
Spear-phishing attacks are becoming more popular, targeting employees with the most privileges. Cybercriminals are also learning how to tailor their attacks by gathering information about their victims from various platforms, including social media making them extremely effective.
The use of Philadelphia may indicate that ransomware-as-service platforms will begin targeting their attacks on the healthcare industry.[divider_line] [framed_box bgColor=”#ffd390″]
Train your employees to spot ransomware!
All Covered Entities and Business Associates need to train their employees on HIPAA security. Our training not only focuses on HIPAA regulations, but concentrates on the risk of data breaches. We emphasize the dangers of phishing emails, phishing websites and ransomware. We teach employees how to spot phishing emails and how ransomware attacks a network so they can avoid being a victim.
Now it is easy to train your employees on protecting patient information!