back to article FireEye warns 'massive' ransomware campaign hits US, Japan hospitals

The dangerous and as-yet-undefeated Locky ransomware is being hurled at hospitals across the United States and Japan in a 'massive' number of attacks, according to FireEye researcher Ronghwa Chong. Locky is a popular ransomware variant that will encrypt files in a way that forces users to pay ransoms or cut their losses and …

  1. Pascal Monett Silver badge

    Pain is the best teacher

    Teaching users to be careful is a never-ending task. You can tell a person a hundred times to back up his data, one day he will still get it wiped and moan that he's lost everything. That, most of the time, is the day people become sensitive to the argument.

    Here it is worse. Hospital staff are harassed all day, doing five things at a time and some of those can entail risk for life if done wrong. Asking them to beware of their tools in addition is really hard to do.

    The scum that launch these mails should be found and shot for putting lives at risk.

    1. CustardGannet

      "You can tell a person a hundred times to back up his data"

      You're preaching to the choir, bro.

      I've been telling Mrs CustardGannet for 5 months (since our workplace - a large UK gubmint department - was hit by ransomware and had to restore files from backups) to copy all her docs to unpluggable memory devices.

      Even gave her the devices.

      She's still not done it.

      1. VinceH

        Re: "You can tell a person a hundred times to back up his data"

        What I've found, as well, is that even after you've told people until you're blue in the face that they should back stuff up, and after they've finally learnt that lesson the hard way, and start backing up regularly... eventually, they stop.

  2. Anonymous Coward
    Anonymous Coward

    wasn't just over there

    this actually has made my last few weeks in this place a bit more interesting - as we have had multiple people opening these emails, opening the attachment, enabling macros, and proceeding to encrypt every file in sight.

    Luckily we have backups - while it doesn't really compensate for the lost time for the organisation, I'm happy to get a ton of overtime in my last paycheck to nursemaid the restores.

    posted anonymously, as i don't think they want anyone to know they had been hit (repeatedly), due to poor email security by end users.

    good luck to those left behind, when the next big attack rolls round.


  3. adam payne

    Over the past three months we have had loads of these emails, most blocked by the filter though.

    Sent an announcement out to the whole business saying that these emails were bad news and to not open macro enabled files that come through email. Still people keep opening them.

    1. Anonymous Coward
      Anonymous Coward

      yep, they keep opening them, even on the same day that a warning message was sent out, telling them to be careful about these files.

      i have now added a hub transport rule to prepend a big warning to any emails with a macro enabled attachment, as well as an active file screen to stop any infections from managing to encrypt anything - with an email alert so that we can immediately call the user and have the machine shut down and rebuilt.

      it stopped the third occurrence dead - and if we happen to make life a bit more difficult for end users that keep doing silly things, then so much the better - maybe they will learn some basic security

      1. Calgary IT Guy

        Please describe how you created the hub transport rule that knows when a macro attachment is present (or are you simply looking for file extension .docm)?

  4. Arctic fox

    It is a very frustrating situation regarding the averge PC user.

    It is one thing that they cannot be told regarding their own pcs/tablets/phones but when even the possibility of the sack if they eff up at work does not seem to make any difference then we really have a huge problem. When it all comes down to it the choice of OS or the security measures taken are of little use if the life-form on the other side of the keyboard simply ignores what they are told. Frankly I am at a loss to suggest any measures short of electric shock treatment that would get the average punter/employee to show a modicum of common sense.

    1. Fatman

      Re: It is a very frustrating situation regarding the averge PC user.

      <quote>Frankly I am at a loss to suggest any measures short of electric shock treatment that would get the average punter/employee to show a modicum of common sense.</quote>

      Now, if you really wanted to send a message, you would have security summarily execute the next offender as they sat in their chair.

      1. Arctic fox

        "Now, if you really wanted to send a message"

        I agree that the temptation is enormous. However, the take-home message is, IMO, very straight forward. We all have our opinions about which OS is the best but there is one huge problem with all these discussions about which system is the most secure and so on and so forth. Those arguments do not take into account one simple fact. The biggest vulnerability regardless of which system one chooses (Windows, MacOS or whichever flavour of Linux you prefer) is the person using it. Everything else pales in comparison with that issue. The average computer user would fuck it up regardless of which system one chose. Hmm, maybe summary execution is the only way forward!

  5. Gene Cash Silver badge


    Ahhh. Idiot doctors and staff getting their nuts busted because of their smug "I down't knew dem puters an ah ain't gotta!" and "I'm technologically illiterate and I'm proud of it!" attitudes.

    Makes my day.

  6. Tezfair

    Strong push on zepto yesterday. All clients had flooding in, and typically one decided to open it. The servers honeypot alerted me and I managed to contain it within 3 minutes.

    Client refuses to ban zips files.

  7. Anonymous Coward
    Anonymous Coward

    apparently this is the telsacrypt 3.0/4.0 decryption key


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like