Philadelphia Ransomware: New Infection in Healthcare Industry

Philadelphia Ransomware: New Infection in Healthcare Industry

A new ransomware strain was discovered by security officials of Forcepoint, Texas that is targeting healthcare organizations. The Philadelphia ransomware is from the Stampado family. This ransomware kit is sold online for a few hundred dollars and attackers demand ransom in form of Bitcoins.

Researchers found that Philadelphia ransomware is transported via spear-phishing emails. Such emails are sent to the hospitals with a message body of a shortened URL that directs towards a personal storage space serving a weaponized DOCX file with the logo of targeted healthcare organization. The employees get trapped and end up clicking on these links that makes the ransomware infiltrate in the system.

ransomware-in-health-care

Image Source: forcepoint.com

Once the ransomware is established in the system, it contacts the C&C server and transfers all the information about the victim computer like operating system, country, system language and username of machine. The C&C server than generates a victim ID, ransom price and Bitcoin wallet ID and sends it over to the targeted machine.

The encryption technique used by Philadelphia Ransomware is AES-256, which demands a ransom of 0.3 Bitcoins once its finished locking your files. Its engrossment towards health industry can be observed by the its directory path that shows ‘hospital/spam’ as a string in its encrypted JavaScript along with ‘hospital/spa’ contained in its C&C server pathway.

rensomware-demand-money

Image Source: funender.com

What’s Philadelphia:

Okay, everyone knows it’s the largest city of Pennsylvania and blah blah blah… but as far as cybercrime is concerned, it is also an updated version of the notorious Stampado ransomware type virus. In phishing emails, you may encounter them with fake overdue payment notices. These mails mostly include links to Philadelphia’s websites, which are kept ready with Java applications to install ransomware in your system.

See Also: Top 5 Ransomware Protection Tools

Philadelphia starts encrypting files with various extensions like .doc,.bmp, .avi, .7z, .pdf etc., after a successful intrusion in the system. You can identify an encrypted file locked by Philadelphia with its extension as ‘.locked’. For example, a file in your system with the name of ‘abc.bmp’ would be encrypted and renamed as ‘KD24KIH83483BJAKDF8JDR7.locked’. Once you try to open the encrypted file, ransomware opens a new window with a ransom demanded in message.

The ransom message informs you that the files have been encrypted and you’ve got to pay them to restore. Philadelphia uses an asymmetric encryption algorithm which creates a public (encryption) and private (decryption) keys while encrypting and locking the files. Decrypting the locked files without the private key is like boiling an ocean as they are located on remote servers guarded by cyber criminals.

The window contains two interesting timers: Deadline and Russian Roulette. While deadline timer indicates, the time remaining in getting your private key, the Russian Roulette shows the time to delete the next file (pushing you to buy it without sparing time in searching for help). It is indeed a threat but that’s the only thing about it which is not fake.

ransomware-attack-in-hospitals

Image Source: forbes.com

Can You Avoid this Situation?

Yes. You can be saved from being sawed by Philadelphia ransomware; however, you must keep your computer armed with the best anti ransomware and antimalware. Note that some ransomware might circumvent the best anti ransomware, so the best practice is to become a vigilant user and not click on anything unusual and suspected.

See Also: Top 5 Tips to Fight Against Ransomware Havoc

Considering everything, Philadelphia Ransomware can be assumed as a penetrating type of infection. Though, it has only targeted the healthcare organizations now but you can be a victim too as the source code of this virus is opened for sale in $400 over the dark web. Any aspiring cybercriminal may get the code and start hunting for a prey. Keeping your computer immunized and guarded by antimalware and anti-ransomware should help.

Rishi Sharma

Rishi Sharma is a technical writer at Systweak Software. Being a software developer, he inclines to write about modern technology and progressive security for computers. One staunch admirer of Cricket, Rishi is also an active social worker and a gourmand.

Leave a Reply

Your email address will not be published. Required fields are marked *