Topics
Reimbursement
Senators urge action on physician payment cut before end of lame duck session
Senators urge action on physician payment cut
Revenue Cycle Management
Trends 2025: The demand for interim revenue cycle executives
Trends 2025: The demand for interim revenue cycle executives
Strategic Planning
Advocate spending $1 billion on new hospital and outpatient services
Advocate spending $1B on new hospital and outpatient services
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Healthcare expenditures rise on increased coverage and utilization
Healthcare expenditures rise on increased coverage and utilization
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
American Heart Association launching HCM initiative
American Heart Association launching HCM initiative
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Male physicians have more net worth than female counterparts
Male physicians have more net worth than females
Operations
5.6 million people affected by Ascension cyberattack
5.6 million people affected by Ascension cyberattack
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Children's Medical expands with new patient tower
Children's Medical expands with new patient tower
Compliance & Legal
Nebraska sues Change Healthcare over ransomware attack
Nebraska sues Change over ransomware attack
Policy and Legislation
Telehealth gets short extension, physician pay is cut in spending bill
Telehealth gets short extension, physician pay is cut in spending bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
HIMSSCast: Research as restorative physician medicine
HIMSSCast: Research as restorative physician medicine
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Medicare enrollees to pay less for 64 additional drugs
Medicare enrollees to pay less for 64 additional drugs
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
Senate bill proposes to rein in PBMs by forcing them to sell pharmacy businesses
Senate bill proposes to rein in PBMs
Population Health
Weight loss drugs can save patients and healthcare dollars
Weight loss drugs can save patients and healthcare dollars
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Trends 2025: Telehealth's future faces a Friday deadline
Trends 2025: Telehealth's future faces a Friday deadline
Mergers & Acquisitions
Addus Homecare buttons up $350 million Gentiva acquisition
Addus Homecare buttons up $350M Gentiva acquisition
View more
Nov 22, 2016 More on Risk Management

Hospital-targeting Locky ransomware ups attack methods

There is still no way to decrypt the virus, first discovered in March. It's now spreading via Facebook messenger.

Jessica Davis, Associate Editor

In February, Locky was found in the wild, wreaking havoc on networks. And despite the drop in the frequency of ransomware attacks in recent months and increase of decryption tools for strains like Crysis, Locky is upping the ante on its attack method.

The latest ransomware downloader uses the AESIR-file extension. It masks the virus as an email from valid companies and a subject line designed to encourage the reader to both read the email and open the zip attachment, according to Derek Knight of UK-company My Online Security.

More specifically, Locky hackers disguise the virus as a complaint from an internet service provider that SPAM is coming from the user's computer.

[Also: University of Southern California hospitals back online after ransomware attack]

Another recent attack vector for Locky is Facebook Messenger. A new report form CSO shows how the malware is able to evade whitelisting on Facebook by mimicking an image. It can be spread via a downloader via Nemucod, according to the site, which is delivered via Facebook Messenger as an .svg file.

There is still no way to decrypt Locky ransomware. And the only way to recover files is through a viable backup.

The key to a successful, flawless ransomware campaign is constantly evolving the program and delivery methods – it makes them incredibly secure, according to Fabian Woser, chief technology officer for Emsisoft, an anti-malware vendor.

Locky and Cryptoware strains are seemingly impossible to decrypt, he added. Locky gets all of the small factors right, such as the encryption algorithm and cryptographic keys.

[Also: Locky ransomware attacks hit hospitals the hardest, report says]

"It's surprisingly hard to generate random keys: There's no randomness with computers," Woser said. "Key space is very common mistake in ransomware these days because they don't understand how random key generating works."

Initially, Locky was distributed via email campaigns that hid the virus in Microsoft Word invoices and preyed on human error.

In August, Locky reared its head again with a massive campaign that ran rampant on the healthcare industry. The virus adjusted its delivery method with DOCM files, which are macro-enabled files used in Microsoft Word.

This article first appeared in Healthcare IT news.

Twitter: @JessiefDavis

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.