Yet another ransomware is making the rounds. Dubbed Defray, the ransomware is targeting the education, healthcare, manufacturing, and technology sectors.
According to Proofpoint, a cybersecurity firm specializing in advanced threats and compliance risks, this ransomware is highly targeted. It carries out small attacks on specific industry verticals rather than broad attacks on general consumers. So far it appears to be targeting companies in the United Kingdom and the United States.
Defray distributes emails that contain a bogus Microsoft Word attachment embedded with an Object Linking and Embedding (OLE) shell object. If the user clicks on attachment, encryption takes place.
After launching, the ransomware sends a limited number of messages demanding a ransom of $5,000 for the encryption key that will return access to data. So far attacks have been launched on August 15 and 22, with email impersonating third parties as bait. One attack was camouflaged as a message from a hospital director of information management and technology and the other from an aquarium in the United Kingdom.
Unlike other recent ransomware products, Defray does not appear to be on for sale. Not only does Defray encrypt data, but it appears it might also be capable of disabling startup recovery and deleting copy volumes of the original data as well. It is highly advisable to keep backup files offline to prevent this further attack on data.