Two hospitals have been attacked and had their files encrypted by Philadelphia ransomware. The latest campaign appears to be targeting hospitals in the United States.
Philadelphia ransomware is a form of Stampado ransomware that was first identified last fall. The new ransomware variant is not particularly sophisticated and a free decryptor does exist (available from Emsisoft); however, a successful attack is likely to prove costly to resolve and has the potential to cause considerable disruption. An attack may even warrant HIPAA breach notifications to be sent to patients if ePHI is encrypted.
The ransomware variant has been made available under an affiliate model and amateur attacks are being conducted. Brian Krebs recently found an online video promoting the ransomware variant and highlighting its features and its potential for customization. The video claims that Philadelphia ransomware is the most advanced and customizable ransomware variant available.
Any would-be attacker can rent the ransomware by paying a one-off fee of $400 to the authors. After the fee is paid, the ransomware can be customized and used for personal campaigns.
At least one individual is conducting attacks on healthcare organizations, according to Forcepoint. Its researchers detected a campaign that uses a malicious DOCX file to download the ransomware. In this case, the Word document was not attached to a spam email; instead, a malicious link was sent in a spear phishing email. Clicking the link triggers a download of a malicious DOCX file.
The attacker has used a variety of techniques to improve the chances of the icons in the Word document being clicked. Spear phishing emails are sent to individuals within a targeted healthcare organization. The Word document contains the health organization’s logo along with the name of a physician at the hospital. The icons in the document appear to link to patient information contained in the file.
The discovery shows malicious actors are actively targeting the healthcare sector and further attacks are likely.
Recovery from a Philadelphia ransomware attack is a fairly straightforward process; however, the rise in popularity of ransomware-as-a-service could see healthcare organizations targeted more heavily over the coming months. Other ransomware variants may not prove so easy to remove.
Hospitals and other healthcare organizations should ensure they have implemented defenses against ransomware attacks, developed a disaster response plan specifically for ransomware attacks, and have effective backup policies in place.