Home >
News | 10/10/2017

Defray Ransomware – Hitting Healthcare and Educational Sectors

About : Another Ransomware has come to the surface, which campaign against education and healthcare organizations.
Defray Ransomware

What is Defray Ransomware?

The ransomware used in the campaign against education and healthcare organizations is named Defray, which has the base on the command and control (C&C) server hostname used for the first observed attack: defrayable-listings[.]000webhostapp[.]com. The ransomware is being distributed through Microsoft Word document attachments in email.

Researchers have observed two targeted attack on Aug. 15, and on Aug. 22, and both appeared to be intended for specific organizations. The second attack on August 22, primarily aimed at Healthcare and Education involving messages with a Microsoft Word document containing an embedded executable (specifically, an OLE packager shell object). The attachment used a lure referencing a UK-based aquarium purported to be from a representative of the aquarium.

How Does Defray Ransomware works?

The attackers behind the Defray ransomware ask for $5,000, but researchers believe that the ransom note contains several email addresses, presumably from cybercriminal Igor Glushkov, this allows the victims to “negotiate a smaller ransom or ask questions. “The Defray ransomware targets a hardcoded list of file types but doesn’t change the file extension names. After encryption is complete, the Defray ransomware may cause other general havoc on the system by disabling startup recovery and deleting volume shadow copies. Once the victim clicks on the attachment, the ransomware is activated and encryption takes place. Defray, however, may also restrict startup recovery and delete shadow copy volumes, as well, according to Proofpoint. The researchers suspect Defray is not for sale like other ransomware strains and instead is being used by certain threat cyber criminals for their personal use.

Tips to Prevent Defray Ransomware from Infecting Your System:

1. Enable your popup blocker: Pop-ups and ads in the websites are the most adoptable tactic used by cybercriminals or developers with the core intention to spread malicious programs. So, avoid clicking uncertain sites, software offers, pop-ups etc.

2. Keep your Windows Updated: To avoid such infections, we recommend that you should always keep your system updated through automatic windows update. By doing this you can keep your device free from virus. According to the survey, outdated/older versions of Windows operating system are an easy target.

3. Third-party installation: Try to avoid freeware download websites as they usually install bundled of software with any installer or stub file.

4. Regular Backup: Regular and periodical backup helps you to keep your data safe in case the system is infected by any kind of virus or any other infection. Thus always backup important files regularly on a cloud drive or an external hard drive.

5. Always have an Anti-Virus: Precaution is better than cure. We recommend that you install an antivirus like  McAfee or a good  Malware Removal Tool like Free Malware RemovalTool

6. Install a powerful ad- blocker for  ChromeMozilla, and IE.

Subscribe to our newsletter today to receive updates on the Latest News and Threats.
We respect your privacy. Your information is safe and will never be shared.
The research team at howtoremoveit.info works actively in hunting down the latest Malware and notifies you so that your system stays protected always.
Is this page helpful? Yes NO
Leave a Reply
Your Email address will not be published. Required fields are marked