Defray Ransomware Massively Targeting Education, Healthcare Industry


Everyone is familiar with ransomware. A few months back, a ransomware strain named WannaCry created massive havoc in the cyber world. It hit across 150 countries, and millions of computer users suffered. Cyber researchers have still not recovered from the WannaCry issue, and now a new threat named Defray Ransomware is making headlines. If reports are to be believed, experts have pointed out that Defray Ransomware has been massively targeting the Education and Healthcare industries.

The attacks have so far been observed since the first week of August and selectively target two groups: one is the Education and Healthcare industries, and the other is the Technology and Manufacturing industries.

Researchers at Proofpoint analyzed Defray Ransomware. The name was picked from its command and control (C&C) server hostname, which is:

Defray Ransomware is being distributed via MS document attachments. On 22 August, researchers caught an email containing MS document attachments that used a UK-based hospital logo and was primarily aimed at Education and Healthcare. Based on this report, researchers say that Defray Ransomware has been seen targeting the Education and Healthcare industries. The researchers also note that the email is very similar to the mail observed on 15 August, but this time the targeted industry is different. The mail observed on 15 August carried the subject “Order/Quote”, had MS Word documents attached, and used the UK-based aquarium industry as a lure reference.

In both email campaigns the malware is embedded as an executable OLE packager shell object. If the user double-clicks the embedded object, the ransomware is dropped and installs or passes itself off as “taskmgr.exe” or “explorer.exe”. At that point the user's system is at risk. The ransomware creates a text file named FILES.TXT, which is Defray Ransomware's ransom note, and saves it to several folders throughout the system. The ransom is set very high: in Defray Ransomware's case, users have to pay $5000 for their important files. It has repeatedly targeted the Education and Healthcare industries and the Manufacturing and Technology industries.
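A detection sketch for the two behaviours described above, added here as an example and not taken from Proofpoint or the original article: it flags a process named taskmgr.exe or explorer.exe that starts outside the standard Windows directories, and a FILES.TXT file created in several folders on one host. The event format, host names, sample paths and the threshold of three folders are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Standard locations of the two Windows binaries the article says Defray imitates.
EXPECTED = {
    "taskmgr.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
NOTE_NAME = "files.txt"   # ransom note name given in the article
NOTE_DIR_THRESHOLD = 3    # assumed cut-off for "several folders"

def detect(events):
    """Return sorted (host, finding, detail) tuples for a list of event dicts."""
    findings = set()
    note_dirs = defaultdict(set)
    for ev in events:
        path = PureWindowsPath(ev["path"])
        name, folder = path.name.lower(), str(path.parent).lower()
        if ev["type"] == "process_start" and name in EXPECTED:
            # Trusted name, untrusted location: likely masquerading.
            if folder not in EXPECTED[name]:
                findings.add((ev["host"], "masquerade", str(path)))
        elif ev["type"] == "file_create" and name == NOTE_NAME:
            note_dirs[ev["host"]].add(folder)
    for host, dirs in note_dirs.items():
        # A single FILES.TXT is common; the same name in many folders is not.
        if len(dirs) >= NOTE_DIR_THRESHOLD:
            findings.add((host, "ransom_note_spread", f"{len(dirs)} folders"))
    return sorted(findings)

# Constructed sample events (hypothetical hosts and paths, not from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process_start", "path": r"C:\Windows\System32\Taskmgr.exe"},
    {"host": "ws01", "type": "process_start", "path": r"C:\Windows\explorer.exe"},
    {"host": "ws02", "type": "process_start", "path": r"C:\Users\amy\AppData\Local\Temp\taskmgr.exe"},
    {"host": "ws02", "type": "file_create", "path": r"C:\Users\amy\Documents\FILES.TXT"},
    {"host": "ws02", "type": "file_create", "path": r"C:\Users\amy\Desktop\FILES.TXT"},
    {"host": "ws02", "type": "file_create", "path": r"C:\Shares\Finance\FILES.TXT"},
    {"host": "ws03", "type": "file_create", "path": r"C:\Projects\build\files.txt"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

In practice the events would come from endpoint telemetry such as process-creation and file-creation logs, and the threshold would be tuned to the environment.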

However, Defray Ransomware does provide email addresses for victims so that they can potentially negotiate the high ransom or ask questions. The threat also recommends that organizations maintain offline backups to prevent future infections. Windows 7 computer users must be alert, as ransomware can easily track daily activity and even record it. Cyber experts repeatedly advise against opening mail that is unfamiliar or comes from an unknown sender; one wrong mail can cause a big mess, as was seen with the WannaCry ransomware attack and now with Defray Ransomware, which has been seen targeting the Education and Healthcare industries as well as the Technology and Manufacturing industries.

