LockFile Ransomware Avoids Detection
LockFile is a new ransomware threat that uses intermittent encryption to evade ransomware protection software. It specifically affects Windows users, as it exploits known flaws to gain access to Windows servers. Once deployed, the malware encrypts only every other 16 bytes of a file, allowing it to avoid detection.
Mark Loman, Sophos director of engineering, said in a statement, “Partial encryption is generally used by ransomware operators to speed up the encryption process and we’ve seen it implemented by BlackMatter, DarkSide and LockBit 2.0 ransomware. What sets LockFile apart is that, unlike the others, it doesn’t encrypt the first few blocks. Instead, LockFile encrypts every other 16 bytes of a document. This means that a file such as a text document remains partially readable and looks statistically like the original. This trick can be successful against ransomware protection software that relies on inspecting content using statistical analysis to detect encryption.”
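The following is an added example, not code from Sophos or from the original article. It shows why a whole-file entropy check misses a document in which only every other 16-byte block is overwritten, and how a per-block comparison exposes the alternating pattern in text-like files. Pseudo-random bytes stand in for ciphertext; the 7.5 bits/byte alert threshold, the 0.4 gap and the choice of which block parity is touched are assumptions.

```python
import math
import random
from collections import Counter

BLOCK = 16            # block size from the article: every other 16 bytes
ENTROPY_ALERT = 7.5   # assumed alert threshold (bits/byte) for a whole-file check
TEXT = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}  # printable ASCII + whitespace

def shannon_entropy(data: bytes) -> float:
    """Whole-file byte entropy: 0.0 (constant) up to 8.0 (uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def overwrite_blocks(data: bytes, every_other: bool, seed: int = 1234) -> bytes:
    """Stand-in for encryption: replace 16-byte blocks with pseudo-random bytes.
    every_other=True touches blocks 0, 2, 4, ...; False touches every block."""
    rng = random.Random(seed)
    out = bytearray(data)
    for i in range(0, len(data), BLOCK):
        if not every_other or (i // BLOCK) % 2 == 0:
            size = min(BLOCK, len(data) - i)
            out[i:i + size] = bytes(rng.getrandbits(8) for _ in range(size))
    return bytes(out)

def parity_gap(data: bytes) -> float:
    """Difference in mean text-byte ratio between even- and odd-numbered blocks."""
    ratios = ([], [])
    for i in range(0, len(data) - BLOCK + 1, BLOCK):
        block = data[i:i + BLOCK]
        ratios[(i // BLOCK) % 2].append(sum(b in TEXT for b in block) / BLOCK)
    if not ratios[0] or not ratios[1]:
        return 0.0
    return abs(sum(ratios[0]) / len(ratios[0]) - sum(ratios[1]) / len(ratios[1]))

def looks_intermittent(data: bytes, min_gap: float = 0.4) -> bool:
    """Flag files where one block parity is text-like and the other is not."""
    return parity_gap(data) >= min_gap

# Constructed sample document (not taken from any real incident).
SAMPLE = (b"Quarterly report: revenue rose in the north region while "
          b"support tickets fell. " * 60)[:4096]
FULL = overwrite_blocks(SAMPLE, every_other=False)
PARTIAL = overwrite_blocks(SAMPLE, every_other=True)

if __name__ == "__main__":
    for name, blob in (("original", SAMPLE), ("full", FULL), ("partial", PARTIAL)):
        print(f"{name:9s} entropy={shannon_entropy(blob):.2f} "
              f"gap={parity_gap(blob):.2f} flagged={looks_intermittent(blob)}")
```

The parity comparison only makes sense for files that are expected to be text-like; compressed or already-encrypted formats need a different per-block baseline.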
The ransomware uses the Windows Management Interface to terminate critical processes belonging to virtualization software and databases, and then proceeds to partially encrypt files. Once it has finished encrypting files, the ransomware deletes itself, preventing antivirus software or incident responders from being able to find or clean up the ransomware.
Loman added, “The message here for defenders is that the cyberthreat landscape never stands still, and adversaries will quickly seize every possible opportunity or tool to launch a successful attack.”
Healthcare Cybersecurity Threats: Keeping Your Organization Protected
As healthcare cybersecurity threats have become more prevalent, it is more important than ever to protect your patients’ protected health information from exposure. Healthcare organizations that are HIPAA compliant are less likely to fall victim to healthcare cybersecurity threats, as HIPAA compliance mandates the implementation of advanced cybersecurity practices. It is also important to keep informed of new threats to your security, which is best done by having dedicated IT support to monitor your cybersecurity health.