
Rash of Ransomware Flummoxes Security Experts, FBI

Hospitals are the most vulnerable because they're often willing to just pay the ransom.

Tom Brant, Managing Editor


New and more virulent strains of ransomware have targeted U.S. healthcare facilities and other victims in the last few weeks, prompting the FBI to investigate and issue a call for help to security experts.

One of the ransomware strains, called PowerWare, is especially worrisome because it targets entire networks using the Windows PowerShell administration software. PowerWare infects PCs by inserting malicious code into Word documents and using a PowerShell script and Office macros to encrypt folders once a user opens the rigged documents.

Filling seemingly benign Microsoft Office documents with malicious code is not a new attack method, but coupled with PowerWare's novel approach to encrypting files, it's a powerful and dangerous combination, security experts said.

"Ransomware authors are always trying to evolve to avoid detection, and using built-in Windows capabilities makes the malicious activity less noticeable," Tim Erlin, director of IT security and risk strategy for Tripwire, said in a statement to PCMag. "[PowerWare] may change its encryption technique, but it still requires an entry point onto the system. Malicious Word files sent through emails and the use of Microsoft Office macros is a very old vector for this new malware."

It's likely that PowerWare or similar ransomware strains were responsible for yesterday's attack on MedStar Health and two other recent high-profile attacks on medical centers in California and Kentucky. The FBI, which is investigating all three attacks, asked security researchers for immediate assistance last week.

Reuters said it obtained a confidential FBI advisory dated March 25 and sent to IT security firms that said, "We need your help!" That advisory was focused on a strain of ransomware similar to PowerWare that encrypts entire networks at once, rather than one PC at a time.

Ransomware attackers focus on the healthcare industry because its organizations hold sensitive data and have shown a willingness to pay the ransoms rather than spend extended amounts of time trying to unlock the data themselves.

"Such targets are particularly vulnerable because they cannot afford to be paralyzed for a long time (either because their data has been encrypted or because they shut down the system to avoid spreading the infection) and prefer to pay the ransom," David Melamed, a research engineer at CloudLock, said in a statement to PCMag.

Ultimately, there's little IT administrators can do to recover from or prevent these attacks until the security community learns more about them and their perpetrators are discovered. In the meantime, hospitals and other high-risk targets will have to rely on traditional security measures to prevent and mitigate attacks, said Jack Danahy, a co-founder of the IT security start-up Barkly.

"It will be interesting to see the outcome of law enforcement action in this attack," he said in a statement emailed to PCMag. "Hospitals who have remained unscathed to this point should be double-checking their protection, their backups, and their logs."
